
Security updates have been released for Fedora Linux, including updates to various packages such as Chromium and golang-github-facebook-time. Updates are available for multiple versions of Fedora, including Fedora 41, Fedora 42, and Fedora 43. The list includes package updates for applications like perl-YAML-Syck, sssd, and cri-o, in addition to others like docker-buildx and WordPress.

Fedora 43 Update: chromium-141.0.7390.122-1.fc43
Fedora 42 Update: golang-github-facebook-time-0^20251021gite970944-1.fc42
Fedora 42 Update: perl-YAML-Syck-1.36-1.fc42
Fedora 41 Update: sssd-2.11.1-2.fc41
Fedora 41 Update: golang-github-facebook-time-0^20251021gite970944-1.fc41
Fedora 41 Update: perl-YAML-Syck-1.36-1.fc41
Fedora 43 Update: valkey-8.1.4-2.fc43
Fedora 43 Update: cef-140.1.15^chromium140.0.7339.207-3.fc43
Fedora 43 Update: podman-tui-1.9.0-1.fc43
Fedora 43 Update: docker-buildx-0.29.1-1.fc43
Fedora 43 Update: cri-o1.31-1.31.13-1.fc43
Fedora 43 Update: cri-o1.32-1.32.9-1.fc43
Fedora 43 Update: cri-o1.33-1.33.5-1.fc43
Fedora 43 Update: cri-o1.34-1.34.1-1.fc43
Fedora 43 Update: docker-buildkit-0.25.0-1.fc43
Fedora 43 Update: wordpress-6.8.3-1.fc43
Fedora 43 Update: insight-13.0.50.20220502-27.fc43
Fedora 43 Update: yarnpkg-1.22.22-12.fc43




[SECURITY] Fedora 43 Update: chromium-141.0.7390.122-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c75c2892d7
2025-10-26 02:12:14.836558+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 141.0.7390.122
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 141.0.7390.122
High CVE-2025-12036 chromium: Inappropriate implementation in V8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 22 2025 Than Ngo [than@redhat.com] - 141.0.7390.122-1
- Update to 141.0.7390.122
  * High CVE-2025-12036 chromium: Inappropriate implementation in V8
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c75c2892d7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: golang-github-facebook-time-0^20251021gite970944-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a6cb455ca2
2025-10-26 01:34:36.444514+00:00
--------------------------------------------------------------------------------

Name : golang-github-facebook-time
Product : Fedora 42
Version : 0^20251021gite970944
Release : 1.fc42
URL : https://github.com/facebook/time
Summary : Meta's Time libraries
Description :
Meta's Time libraries.

--------------------------------------------------------------------------------
Update Information:

Update to latest snapshot
Switch to vendoring dependencies per the upcoming Golang guidelines; this allows
us to ship on EL10
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 24 2025 Michel Lind [salimma@fedoraproject.org] - 0^20251021gite970944-1
- Update to latest snapshot
- Switch to vendored dependencies to simplify building on EPEL
* Mon Oct 20 2025 Oleg Obleukhov [leoleovich@fedoraproject.org] - 0^20251020git7e12848-1
- Build latest
* Fri Oct 17 2025 Oleg Obleukhov [leoleovich@fedoraproject.org] - 0^20251017git54b50e6-1
- Build latest
* Fri Oct 10 2025 Maxwell G [maxwell@gtmx.me] - 0^20250321gita7c4fe1-4
- Rebuild for golang 1.25.2
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0^20250321gita7c4fe1-3
- Rebuild for golang-1.25.0
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0^20250321gita7c4fe1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398723 - CVE-2025-47910 golang-github-facebook-time: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398723
[ 2 ] Bug #2399405 - CVE-2025-47906 golang-github-facebook-time: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399405
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a6cb455ca2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: perl-YAML-Syck-1.36-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5b2d494617
2025-10-26 01:34:36.444461+00:00
--------------------------------------------------------------------------------

Name : perl-YAML-Syck
Product : Fedora 42
Version : 1.36
Release : 1.fc42
URL : https://metacpan.org/release/YAML-Syck
Summary : Fast, lightweight YAML loader and dumper
Description :
This module provides a Perl interface to the libsyck data serialization
library. It exports the Dump and Load functions for converting Perl data
structures to YAML strings, and the other way around.

--------------------------------------------------------------------------------
Update Information:

This update addresses a flaw in which processing a specially-crafted YAML
document could lead to accessing information outside of the document itself and
hence potential information disclosure.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 11 2025 Paul Howarth - 1.36-1
- Update to 1.36
- Address memory corruption leading to 'str' value being set on empty keys
* Fri Oct 10 2025 Paul Howarth - 1.35-1
- Update to 1.35
- Address parsing error related to string detection on read for empty strings
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.34-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 7 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.34-17
- Perl 5.42 rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2404562 - CVE-2025-11683 perl-YAML-Syck: YAML::Syck potential Information Disclosure [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2404562
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5b2d494617' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: sssd-2.11.1-2.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c1dfec4d73
2025-10-26 01:06:44.612094+00:00
--------------------------------------------------------------------------------

Name : sssd
Product : Fedora 41
Version : 2.11.1
Release : 2.fc41
URL : https://github.com/SSSD/sssd/
Summary : System Security Services Daemon
Description :
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable back end system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

The sssd subpackage is a meta-package that contains the daemon as well as all
the existing back ends.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-11561
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2402728
After startup SSSD already creates a Kerberos configuration snippet in
/var/lib/sss/pubconf/krb5.include.d/localauth_plugin if the AD or IPA providers
are used. This enables SSSD's localauth plugin. Starting with this update the
an2ln plugin is disabled in the configuration snippet as well. If this file or
its content are included in the Kerberos configuration (a default on Fedora) it
will fix CVE-2025-11561.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 20 2025 Alexey Tikhonov [atikhono@redhat.com] - 2.11.1-2
- Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2402728
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c1dfec4d73' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: golang-github-facebook-time-0^20251021gite970944-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cf2e1f1604
2025-10-26 01:06:44.612097+00:00
--------------------------------------------------------------------------------

Name : golang-github-facebook-time
Product : Fedora 41
Version : 0^20251021gite970944
Release : 1.fc41
URL : https://github.com/facebook/time
Summary : Meta's Time libraries
Description :
Meta's Time libraries.

--------------------------------------------------------------------------------
Update Information:

Update to latest snapshot
Switch to vendoring dependencies per the upcoming Golang guidelines; this allows
us to ship on EL10
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 24 2025 Michel Lind [salimma@fedoraproject.org] - 0^20251021gite970944-1
- Update to latest snapshot
- Switch to vendored dependencies to simplify building on EPEL
* Mon Oct 20 2025 Oleg Obleukhov [leoleovich@fedoraproject.org] - 0^20251020git7e12848-1
- Build latest
* Fri Oct 17 2025 Oleg Obleukhov [leoleovich@fedoraproject.org] - 0^20251017git54b50e6-1
- Build latest
* Fri Oct 10 2025 Maxwell G [maxwell@gtmx.me] - 0^20250321gita7c4fe1-4
- Rebuild for golang 1.25.2
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0^20250321gita7c4fe1-3
- Rebuild for golang-1.25.0
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0^20250321gita7c4fe1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398466 - CVE-2025-47910 golang-github-facebook-time: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398466
[ 2 ] Bug #2399130 - CVE-2025-47906 golang-github-facebook-time: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399130
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cf2e1f1604' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: perl-YAML-Syck-1.36-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-568b5b6ddc
2025-10-26 01:06:44.612041+00:00
--------------------------------------------------------------------------------

Name : perl-YAML-Syck
Product : Fedora 41
Version : 1.36
Release : 1.fc41
URL : https://metacpan.org/release/YAML-Syck
Summary : Fast, lightweight YAML loader and dumper
Description :
This module provides a Perl interface to the libsyck data serialization
library. It exports the Dump and Load functions for converting Perl data
structures to YAML strings, and the other way around.

--------------------------------------------------------------------------------
Update Information:

This update addresses a flaw in which processing a specially-crafted YAML
document could lead to accessing information outside of the document itself and
hence potential information disclosure.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 11 2025 Paul Howarth - 1.36-1
- Update to 1.36
- Address memory corruption leading to 'str' value being set on empty keys
* Fri Oct 10 2025 Paul Howarth - 1.35-1
- Update to 1.35
- Address parsing error related to string detection on read for empty strings
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.34-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 7 2025 Jitka Plesnikova [jplesnik@redhat.com] - 1.34-17
- Perl 5.42 rebuild
* Sat Jan 18 2025 Paul Howarth - 1.34-16
- Build using -std=gnu17 since ancient code does not compile with -std=c23
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.34-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2404563 - CVE-2025-11683 perl-YAML-Syck: YAML::Syck potential Information Disclosure [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2404563
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-568b5b6ddc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: valkey-8.1.4-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-fd6619a49f
2025-10-25 20:54:13.408259+00:00
--------------------------------------------------------------------------------

Name : valkey
Product : Fedora 43
Version : 8.1.4
Release : 2.fc43
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.

You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.

You can use Valkey from most programming languages also.

See https://valkey.io/topics/

--------------------------------------------------------------------------------
Update Information:

Valkey 8.1.4

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Security fixes
- CVE-2025-49844 A Lua script may lead to remote code execution
- CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
- CVE-2025-46818 A Lua script can be executed in the context of another user
- CVE-2025-46819 LUA out-of-bound read

Bug fixes
- Fix accounting for dual channel RDB bytes in replication stats (#2614)
- Fix EVAL to report unknown error when empty error table is provided (#2229)
- Fix use-after-free when active expiration triggers hashtable to shrink (#2257)
- Fix MEMORY USAGE to account for embedded keys (#2290)
- Fix memory leak when shrinking a hashtable without entries (#2288)
- Prevent potential assertion in active defrag handling large allocations (#2353)
- Prevent bad memory access when NOTOUCH client gets unblocked (#2347)
- Converge divergent shard-id persisted in nodes.conf to primary's shard id (#2174)
- Fix client tracking memory overhead calculation (#2360)
- Fix RDB load per slot memory pre-allocation when loading from RDB snapshot (#2466)
- Don't use AVX2 instructions if the CPU doesn't support it (#2571)
- Fix bug where active defrag may be unable to defrag sparsely filled pages (#2656)

Packaging changes
- add new sub-package valkey-tls for the TLS encryption module, which was
  previously built into main valkey
- add new sub-package valkey-rdma for the RDMA (Remote Direct Memory Access)
  module, this is a new optional feature
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 6 2025 Remi Collet [remi@fedoraproject.org] - 8.1.4-2
- improve the patch for loadmodule directive
* Sat Oct 4 2025 Remi Collet [remi@fedoraproject.org] - 8.1.4-1
- Valkey 8.1.4 - Released Fri 09 October 2025
- Upgrade urgency SECURITY:
CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819
- fix CONFIG REWRITE breaks configuration
reported as https://github.com/valkey-io/valkey/issues/2678
using patch from https://github.com/valkey-io/valkey/pull/2689
* Wed Oct 1 2025 Remi Collet [remi@fedoraproject.org] - 8.1.3-6
- add sub-package for RDMA module
- add sub-package for TLS module
* Fri Sep 26 2025 Nathan Scott [nathans@redhat.com] - 8.1.3-5
- enable Remote Direct Memory Access (RDMA) capabilities
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-fd6619a49f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: cef-140.1.15^chromium140.0.7339.207-3.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1e8f05e0a6
2025-10-25 20:54:13.408256+00:00
--------------------------------------------------------------------------------

Name : cef
Product : Fedora 43
Version : 140.1.15^chromium140.0.7339.207
Release : 3.fc43
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 140.1.15^chromium140.0.7339.207 (rhbz#2396308)
CVE-2025-10890: Side-channel information leakage in V8
CVE-2025-10891: Integer overflow in V8
CVE-2025-10892: Integer overflow in V8
CVE-2025-10585: Type Confusion in V8
CVE-2025-10500: Use after free in Dawn
CVE-2025-10501: Use after free in WebRTC
CVE-2025-10502: Heap buffer overflow in ANGLE
CVE-2025-10200: Use after free in Serviceworker
CVE-2025-10201: Inappropriate implementation in Mojo
CVE-2025-9864: Use after free in V8
CVE-2025-9865: Inappropriate implementation in Toolbar
CVE-2025-9866: Inappropriate implementation in Extensions
CVE-2025-9867: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Than Ngo [than@redhat.com] - 140.1.15^chromium140.0.7339.207-1
- Update to 140.0.7339.207
- * CVE-2025-10890: Side-channel information leakage in V8
- * CVE-2025-10891: Integer overflow in V8
- * CVE-2025-10892: Integer overflow in V8
* Tue Sep 30 2025 Than Ngo [than@redhat.com] - 140.1.15^chromium140.0.7339.185-1
- Update to 140.0.7339.185
- * CVE-2025-10585: Type Confusion in V8
- * CVE-2025-10500: Use after free in Dawn
- * CVE-2025-10501: Use after free in WebRTC
- * CVE-2025-10502: Heap buffer overflow in ANGLE
- * Fix rendering issue on epel9
* Tue Sep 30 2025 Than Ngo [than@redhat.com] - 140.1.15^chromium140.0.7339.127-1
- Update to 140.0.7339.127
- * CVE-2025-10200: Use after free in Serviceworker
- * CVE-2025-10201: Inappropriate implementation in Mojo
* Tue Sep 30 2025 Than Ngo [than@redhat.com] - 140.1.15^chromium140.0.7339.80-1
- Update to 140.0.7339.80 (rhbz#2396308)
- * Update to cef-140.1.15+gfaef09b (rhbz#2380429) (Asahi Lina)
- * CVE-2025-9864: Use after free in V8
- * CVE-2025-9865: Inappropriate implementation in Toolbar
- * CVE-2025-9866: Inappropriate implementation in Extensions
- * CVE-2025-9867: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2396308 - cef-140.1.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2396308
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1e8f05e0a6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: podman-tui-1.9.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d3389aa39a
2025-10-25 20:54:13.408250+00:00
--------------------------------------------------------------------------------

Name : podman-tui
Product : Fedora 43
Version : 1.9.0
Release : 1.fc43
URL : https://github.com/containers/podman-tui
Summary : Podman Terminal User Interface
Description :

podman-tui is a terminal user interface for Podman v4 and v5.
podman-tui is using podman.socket service to communicate with podman environment
and SSH to connect to remote podman machines.

--------------------------------------------------------------------------------
Update Information:

podman-tui release v1.9.0
podman-tui release 1.8.1
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 4 2025 Navid Yaghoobi [navidys@fedoraproject.org] - 1.9.0-1
- Release v1.9.0
* Sun Sep 28 2025 Navid Yaghoobi [navidys@fedoraproject.org] - 1.8.1-1
- Release v1.8.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398609 - CVE-2025-47910 podman-tui: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398609
[ 2 ] Bug #2398875 - CVE-2025-47910 podman-tui: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398875
[ 3 ] Bug #2399273 - CVE-2025-47906 podman-tui: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399273
[ 4 ] Bug #2399552 - CVE-2025-47906 podman-tui: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399552
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d3389aa39a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: docker-buildx-0.29.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d81c797483
2025-10-25 20:54:13.408229+00:00
--------------------------------------------------------------------------------

Name : docker-buildx
Product : Fedora 43
Version : 0.29.1
Release : 1.fc43
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.

--------------------------------------------------------------------------------
Update Information:

Update to release v0.29.1
- Upstream fixes

Update to release v0.29.0
- Resolves: rhbz#2397747, rhbz#2398425, rhbz#2398679, rhbz#2399082,
  rhbz#2399355
- Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 3 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.29.1-1
- Update to release v0.29.1
- Upstream fixes
* Tue Sep 30 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.29.0-1
- Update to release v0.29.0
- Resolves: rhbz#2397747, rhbz#2398425, rhbz#2398679, rhbz#2399082,
rhbz#2399355
- Upstream new features and fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2397747 - docker-buildx-0.29.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2397747
[ 2 ] Bug #2398425 - CVE-2025-47910 docker-buildx: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398425
[ 3 ] Bug #2398679 - CVE-2025-47910 docker-buildx: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398679
[ 4 ] Bug #2399082 - CVE-2025-47906 docker-buildx: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399082
[ 5 ] Bug #2399355 - CVE-2025-47906 docker-buildx: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399355
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d81c797483' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: cri-o1.31-1.31.13-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-20a9e0e990
2025-10-25 20:54:13.408156+00:00
--------------------------------------------------------------------------------

Name : cri-o1.31
Product : Fedora 43
Version : 1.31.13
Release : 1.fc43
URL : https://github.com/cri-o/cri-o
Summary : Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
Description :
Open Container Initiative-based implementation of Kubernetes Container Runtime
Interface.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.31.13
Resolves: rhbz#2333357, rhbz#2398406, rhbz#2398661, rhbz#2399063,
rhbz#2399337
Upstream fix
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 2 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.31.13-1
- Update to release v1.31.13
- Resolves: rhbz#2333357, rhbz#2398406, rhbz#2398661, rhbz#2399063,
rhbz#2399337
- Upstream fix
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2333357 - cri-o-1.34.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2333357
[ 2 ] Bug #2398406 - CVE-2025-47910 cri-o1.31: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398406
[ 3 ] Bug #2398661 - CVE-2025-47910 cri-o1.31: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398661
[ 4 ] Bug #2399063 - CVE-2025-47906 cri-o1.31: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399063
[ 5 ] Bug #2399337 - CVE-2025-47906 cri-o1.31: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399337
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-20a9e0e990' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: cri-o1.32-1.32.9-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-661c377e53
2025-10-25 20:54:13.408152+00:00
--------------------------------------------------------------------------------

Name : cri-o1.32
Product : Fedora 43
Version : 1.32.9
Release : 1.fc43
URL : https://github.com/cri-o/cri-o
Summary : Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
Description :
Open Container Initiative-based implementation of Kubernetes Container Runtime
Interface.

--------------------------------------------------------------------------------
Update Information:

Update to release 1.32.9
Resolves: rhbz#2333357, rhbz#2398407, rhbz#2398662, rhbz#2399064,
rhbz#2399338
Upstream fix
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 2 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.32.9-1
- Update to release 1.32.9
- Resolves: rhbz#2333357, rhbz#2398407, rhbz#2398662, rhbz#2399064,
rhbz#2399338
- Upstream fix
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2333357 - cri-o-1.34.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2333357
[ 2 ] Bug #2398407 - CVE-2025-47910 cri-o1.32: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398407
[ 3 ] Bug #2398662 - CVE-2025-47910 cri-o1.32: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398662
[ 4 ] Bug #2399064 - CVE-2025-47906 cri-o1.32: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399064
[ 5 ] Bug #2399338 - CVE-2025-47906 cri-o1.32: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399338
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-661c377e53' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: cri-o1.33-1.33.5-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5237b2ff57
2025-10-25 20:54:13.408149+00:00
--------------------------------------------------------------------------------

Name : cri-o1.33
Product : Fedora 43
Version : 1.33.5
Release : 1.fc43
URL : https://github.com/cri-o/cri-o
Summary : Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
Description :
Open Container Initiative-based implementation of Kubernetes Container Runtime
Interface.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.33.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 2 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.33.5-1
- Update to release v1.33.5
- Resolves: rhbz#2333357, rhbz#2375096, rhbz#2398408, rhbz#2398663,
rhbz#2399065, rhbz#2399339
- Upstream fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2333357 - cri-o-1.34.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2333357
[ 2 ] Bug #2375096 - CVE-2025-4437 cri-o1.33: Large /etc/passwd file may lead to Denial of Service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2375096
[ 3 ] Bug #2398408 - CVE-2025-47910 cri-o1.33: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398408
[ 4 ] Bug #2398663 - CVE-2025-47910 cri-o1.33: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398663
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5237b2ff57' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: cri-o1.34-1.34.1-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a8059b12d3
2025-10-25 20:54:13.408146+00:00
--------------------------------------------------------------------------------

Name : cri-o1.34
Product : Fedora 43
Version : 1.34.1
Release : 1.fc43
URL : https://github.com/cri-o/cri-o
Summary : Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
Description :
Open Container Initiative-based implementation of Kubernetes Container Runtime
Interface.

--------------------------------------------------------------------------------
Update Information:

Update to release v1.34.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 2 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 1.34.1-1
- Update to release v1.34.1
- Resolves: rhbz#2333357, rhbz#2398409, rhbz#2398664, rhbz#2399066,
rhbz#2399340
- Upstream fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2333357 - cri-o-1.34.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2333357
[ 2 ] Bug #2398409 - CVE-2025-47910 cri-o1.34: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398409
[ 3 ] Bug #2398664 - CVE-2025-47910 cri-o1.34: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398664
[ 4 ] Bug #2399066 - CVE-2025-47906 cri-o1.34: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399066
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a8059b12d3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: docker-buildkit-0.25.0-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f7a2d648e7
2025-10-25 20:54:13.408056+00:00
--------------------------------------------------------------------------------

Name : docker-buildkit
Product : Fedora 43
Version : 0.25.0
Release : 1.fc43
URL : https://github.com/moby/buildkit
Summary : Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
Description :
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit.

--------------------------------------------------------------------------------
Update Information:

Update to release v0.25.0
Resolves: rhbz#2399354, rhbz#2399081, rhbz#2398678, rhbz#2398424
Upstream feature additions and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.25.0-1
- Update to release v0.25.0
- Resolves: rhbz#2399354, rhbz#2399081, rhbz#2398678, rhbz#2398424
- Upstream feature additions and fixes
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398424 - CVE-2025-47910 docker-buildkit: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398424
[ 2 ] Bug #2398678 - CVE-2025-47910 docker-buildkit: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398678
[ 3 ] Bug #2399081 - CVE-2025-47906 docker-buildkit: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399081
[ 4 ] Bug #2399354 - CVE-2025-47906 docker-buildkit: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399354
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f7a2d648e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: wordpress-6.8.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8e71abf396
2025-10-25 20:54:13.407992+00:00
--------------------------------------------------------------------------------

Name : wordpress
Product : Fedora 43
Version : 6.8.3
Release : 1.fc43
URL : https://wordpress.org/
Summary : Blog tool and publishing platform
Description :
WordPress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora

--------------------------------------------------------------------------------
Update Information:

WordPress 6.8.3 Release
Security updates included in this release:
A data exposure issue where authenticated users could access some restricted
content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and
Peter Wilson.
A cross-site scripting (XSS) vulnerability requiring an authenticated user role
that affects the nav menus. Reported by Phill Savage.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 1 2025 Remi Collet [remi@remirepo.net] - 6.8.3-1
- WordPress 6.8.3 Security Release
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8e71abf396' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: insight-13.0.50.20220502-27.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d4476478fd
2025-10-25 20:54:13.407983+00:00
--------------------------------------------------------------------------------

Name : insight
Product : Fedora 43
Version : 13.0.50.20220502
Release : 27.fc43
URL : https://www.sourceware.org/insight/
Summary : Graphical debugger based on GDB
Description :
Insight is a tight graphical user interface to GDB written in Tcl/Tk.
It provides a comprehensive interface that enables users to harness
most of GDB's power. It's also probably the only up-to-date UI for
the latest GDB version.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-11082 and CVE-2025-11083.
conditional for explicit BR tcl/tk 8
dummy rpm check section.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Patrick Monnerat [patrick@monnerat.net] 13.0.50.20220502-27
- Patch "cve-2025-11082" fixes CVE-2025-11082.
https://bugzilla.redhat.com/show_bug.cgi?id=2400356
- Patch "cve-2025-11083" fixes CVE-2025-11083.
https://bugzilla.redhat.com/show_bug.cgi?id=2400349
- Conditional explicit BR tcl/tk 8.
- Dummy rpm check section.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2400317 - CVE-2025-11083 insight: GNU Binutils Linker heap-based overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2400317
[ 2 ] Bug #2400323 - CVE-2025-11082 insight: GNU Binutils Linker heap-based overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2400323
[ 3 ] Bug #2400349 - CVE-2025-11083 insight: GNU Binutils Linker heap-based overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2400349
[ 4 ] Bug #2400356 - CVE-2025-11082 insight: GNU Binutils Linker heap-based overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2400356
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d4476478fd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: yarnpkg-1.22.22-12.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ee9e7fb981
2025-10-25 20:54:13.407980+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 43
Version : 1.22.22
Release : 12.fc43
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-59343.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-12
- Regenerate bundle, fixes CVE-2025-59343
- Patch out eslint and commitizen devDependencies to reduce dependencies
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2397971 - CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397971
[ 2 ] Bug #2397973 - CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2397973
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ee9e7fb981' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--