Chromium, Mqttcli, Fonttools, and more updates for Fedora

Fedora Linux 9191 Published 2025-12-20 09:20 by Philipp Esselbach

News

Security updates have been released for Fedora Linux, specifically targeting versions 42 and 43. Several packages have received updates to enhance security, including Chromium, mqttcli, python-unicodedata2, fonttools, gosec, and uriparser. The updates cover multiple versions of Fedora Linux, with some updates shared across both versions, 42 and 43. These updates are designed to improve the security of Fedora Linux installations running these packages.

Fedora 42 Update: chromium-143.0.7499.146-1.fc42
Fedora 42 Update: mqttcli-0.2.8-1.fc42
Fedora 42 Update: python-unicodedata2-17.0.0-1.fc42
Fedora 42 Update: fonttools-4.61.0-1.fc42
Fedora 42 Update: gosec-2.22.11-2.fc42
Fedora 43 Update: mqttcli-0.2.8-1.fc43
Fedora 43 Update: uriparser-1.0.0-1.fc43
Fedora 43 Update: chromium-143.0.7499.146-1.fc43
Fedora 43 Update: gosec-2.22.11-2.fc43

[SECURITY] Fedora 42 Update: chromium-143.0.7499.146-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0805619c28
2025-12-20 01:18:41.356209+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 143.0.7499.146
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 143.0.7499.146
* High CVE-2025-14765: Use after free in WebGPU
* High CVE-2025-14766: Out of bounds read and write in V8
* Force dark mode when auto dark mode web content is on
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2025 Than Ngo [than@redhat.com] - 143.0.7499.146-1
- Update to 143.0.7499.146
* High CVE-2025-14765: Use after free in WebGPU
* High CVE-2025-14766: Out of bounds read and write in V8
- Force dark mode when auto dark mode web content is on
- Remove omnibox-next-Improve-cutout-mouse-handling-for-Wayla patch, as it's merged
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423106 - CVE-2025-14765 chromium: Chromium: Use after free in WebGPU allows remote attacker to exploit heap corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423106
[ 2 ] Bug #2423107 - CVE-2025-14765 chromium: Chromium: Use after free in WebGPU allows remote attacker to exploit heap corruption [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423107
[ 3 ] Bug #2423110 - CVE-2025-14766 chromium: Google Chrome V8: Out-of-bounds read and write leads to heap corruption [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423110
[ 4 ] Bug #2423111 - CVE-2025-14766 chromium: Google Chrome V8: Out-of-bounds read and write leads to heap corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423111
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0805619c28' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: mqttcli-0.2.8-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-34b0986502
2025-12-20 01:18:41.356206+00:00
--------------------------------------------------------------------------------

Name : mqttcli
Product : Fedora 42
Version : 0.2.8
Release : 1.fc42
URL : https://github.com/subpop/mqttcli
Summary : A simple MQTT command-line client
Description :
mqttcli provides two programs (pub and sub) that allow command-line access to an
MQTT broker.

sub subscribes to a topic and prints messages received to standard output.
pub publishes the provided message to the provided topic. Both programs
accept flags that can be provided as a config file.

--------------------------------------------------------------------------------
Update Information:

Update to 0.2.8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2025 Link Dupont - 0.2.8-1
- Update to 0.2.8
* Wed Dec 17 2025 Link Dupont - 0.2.7-1
- Update to 0.2.7
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 0.2.5-9
- rebuild
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0.2.5-8
- Rebuild for golang-1.25.0
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408071 - CVE-2025-58189 mqttcli: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408071
[ 2 ] Bug #2409541 - CVE-2025-61723 mqttcli: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409541
[ 3 ] Bug #2410492 - CVE-2025-58185 mqttcli: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410492
[ 4 ] Bug #2411390 - CVE-2025-58188 mqttcli: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411390
[ 5 ] Bug #2423005 - CVE-2025-10543 mqttcli: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423005
[ 6 ] Bug #2423014 - CVE-2025-10543 mqttcli: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423014
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-34b0986502' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 42 Update: python-unicodedata2-17.0.0-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-58e2bb0f1e
2025-12-20 01:18:41.356091+00:00
--------------------------------------------------------------------------------

Name : python-unicodedata2
Product : Fedora 42
Version : 17.0.0
Release : 1.fc42
URL : http://github.com/fonttools/unicodedata2
Summary : Unicodedata backport updated to the latest Unicode version
Description :
This module provides access to the Unicode Character Database (UCD)
which defines character properties for all Unicode characters. The
data contained in this database is compiled from the UCD version 13.0.0.

The versions of this package match Unicode versions, so unicodedata2==13.0.0
is data from Unicode 13.0.0.

--------------------------------------------------------------------------------
Update Information:

Update to 17.0.0 version (#2412270)
Update fonttools 4.61.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 7 2025 Parag Nemade - 17.0.0-1
- Update to 17.0.0 version (#2412270)
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 16.0.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jul 10 2025 Parag Nemade - 16.0.0-4
- Convert a spec to use pyproject macros (rh#2378303)
* Tue Jun 3 2025 Python Maint - 16.0.0-3
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2421330 - CVE-2025-66034 fonttools: fontTools: Arbitrary file write leading to remote code execution via malicious .designspace file [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421330
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-58e2bb0f1e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: fonttools-4.61.0-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-58e2bb0f1e
2025-12-20 01:18:41.356091+00:00
--------------------------------------------------------------------------------

Name : fonttools
Product : Fedora 42
Version : 4.61.0
Release : 1.fc42
URL : https://github.com/fonttools/fonttools/
Summary : Tools to manipulate font files
Description :
fontTools is a library for manipulating fonts, written in Python. The project
includes the TTX tool, that can convert TrueType and OpenType fonts to and from
an XML text format, which is also called TTX. It supports TrueType, OpenType,
AFM and to an extent Type 1 and some Mac-specific formats.

--------------------------------------------------------------------------------
Update Information:

Update to 17.0.0 version (#2412270)
Update fonttools 4.61.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 9 2025 Parag Nemade - 4.61.0-1
- Update to 4.61.0 version (#2419183)
* Thu Oct 2 2025 Parag Nemade - 4.60.1-1
- Update to 4.60.1 version (#2400374)
* Fri Sep 19 2025 Python Maint - 4.60.0-2
- Rebuilt for Python 3.14.0rc3 bytecode
* Wed Sep 17 2025 Parag Nemade - 4.60.0-1
- Update to 4.60.0 version (#2396057)
* Thu Aug 28 2025 Parag Nemade - 4.59.2-1
- Update to 4.59.2 version (#2391330)
* Fri Aug 15 2025 Python Maint - 4.59.1-2
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Aug 15 2025 Parag Nemade - 4.59.1-1
- Update to 4.59.1 version (#2388618)
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 4.59.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri Jul 18 2025 Parag Nemade - 4.59.0-2
- Skip failing test test_ttcompile_timestamp_calcs
* Wed Jul 16 2025 Parag Nemade - 4.59.0-1
- Update to 4.59.0 version (#2381317)
* Fri Jul 4 2025 Parag Nemade - 4.58.5-1
- Update to 4.58.5 version (#2376209)
* Mon Jun 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 4.58.4-1
- Update to 4.58.4 version (#2370864)
- No longer bootstrapping (build with tests enabled)
* Sun Jun 15 2025 Python Maint - 4.58.1-3
- Bootstrap for Python 3.14
* Tue Jun 3 2025 Python Maint - 4.58.1-2
- Bootstrap for Python 3.14
* Thu May 29 2025 Parag Nemade - 4.58.1-1
- Update to 4.58.1 version (#2368984)
* Mon May 12 2025 Parag Nemade - 4.58.0-1
- Update to 4.58.0 version (#2365442)
* Fri Apr 4 2025 Parag Nemade - 4.57.0-1
- Update to 4.57.0 version (#2357231)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2421330 - CVE-2025-66034 fonttools: fontTools: Arbitrary file write leading to remote code execution via malicious .designspace file [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421330
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-58e2bb0f1e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: gosec-2.22.11-2.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-447e38400e
2025-12-20 01:18:41.356106+00:00
--------------------------------------------------------------------------------

Name : gosec
Product : Fedora 42
Version : 2.22.11
Release : 2.fc42
URL : https://github.com/securego/gosec
Summary : Go security checker
Description :
Go security checker.

--------------------------------------------------------------------------------
Update Information:

Update to 2.22.11
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 11 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.22.11-2
- Fix build
* Thu Dec 11 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.22.11-1
- Update to 2.22.11 - Closes rhbz#2388620
* Fri Oct 10 2025 Maxwell G [maxwell@gtmx.me] - 2.22.7-3
- Rebuild for golang 1.25.2
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 2.22.7-2
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2398826 - CVE-2025-47910 gosec: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398826
[ 2 ] Bug #2399498 - CVE-2025-47906 gosec: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399498
[ 3 ] Bug #2408033 - CVE-2025-58189 gosec: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408033
[ 4 ] Bug #2409501 - CVE-2025-61723 gosec: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409501
[ 5 ] Bug #2410452 - CVE-2025-58185 gosec: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410452
[ 6 ] Bug #2411351 - CVE-2025-58188 gosec: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411351
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-447e38400e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: mqttcli-0.2.8-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-89758d1b13
2025-12-20 00:52:30.902726+00:00
--------------------------------------------------------------------------------

Name : mqttcli
Product : Fedora 43
Version : 0.2.8
Release : 1.fc43
URL : https://github.com/subpop/mqttcli
Summary : A simple MQTT command-line client
Description :
mqttcli provides two programs (pub and sub) that allow command-line access to an
MQTT broker.

sub subscribes to a topic and prints messages received to standard output.
pub publishes the provided message to the provided topic. Both programs
accept flags that can be provided as a config file.

--------------------------------------------------------------------------------
Update Information:

Update to 0.2.8
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2025 Link Dupont - 0.2.8-1
- Update to 0.2.8 (RHBZ#2423020, RHBZ#2423010, RHBZ#2411647, RHBZ#2410751,
RHBZ#2409801, RHBZ#2408328)
* Wed Dec 17 2025 Link Dupont - 0.2.7-1
- Update to 0.2.7
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 0.2.5-9
- rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408328 - CVE-2025-58189 mqttcli: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408328
[ 2 ] Bug #2409801 - CVE-2025-61723 mqttcli: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409801
[ 3 ] Bug #2410751 - CVE-2025-58185 mqttcli: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410751
[ 4 ] Bug #2411647 - CVE-2025-58188 mqttcli: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411647
[ 5 ] Bug #2423010 - CVE-2025-10543 mqttcli: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423010
[ 6 ] Bug #2423020 - CVE-2025-10543 mqttcli: paho.mqtt.golang: Integer Overflow in UTF-8 String Encoding [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423020
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-89758d1b13' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

[SECURITY] Fedora 43 Update: uriparser-1.0.0-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5c12420f33
2025-12-20 00:52:30.902724+00:00
--------------------------------------------------------------------------------

Name : uriparser
Product : Fedora 43
Version : 1.0.0
Release : 1.fc43
URL : https://uriparser.github.io/
Summary : URI parsing library - RFC 3986
Description :
Uriparser is a strictly RFC 3986 compliant URI parsing library written
in C. uriparser is cross-platform, fast, supports Unicode and is
licensed under the New BSD license.

--------------------------------------------------------------------------------
Update Information:

Update to uriparser-1.0.0, fixes CVE-2025-67899.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 15 2025 Sandro Mani [manisandro@gmail.com] - 1.0.0-1
- Update to 1.0.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423026 - CVE-2025-67899 uriparser: uriparser: Unbounded recursion and stack consumption via large input [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423026
[ 2 ] Bug #2423027 - CVE-2025-67899 uriparser: uriparser: Unbounded recursion and stack consumption via large input [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423027
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5c12420f33' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: chromium-143.0.7499.146-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cd7567466d
2025-12-20 00:52:30.902731+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 143.0.7499.146
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 143.0.7499.146
* High CVE-2025-14765: Use after free in WebGPU
* High CVE-2025-14766: Out of bounds read and write in V8
* Force dark mode when auto dark mode web content is on
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2025 Than Ngo [than@redhat.com] - 143.0.7499.146-1
- Update to 143.0.7499.146
* High CVE-2025-14765: Use after free in WebGPU
* High CVE-2025-14766: Out of bounds read and write in V8
- Force dark mode when auto dark mode web content is on
- Remove omnibox-next-Improve-cutout-mouse-handling-for-Wayla patch, as it's merged
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423106 - CVE-2025-14765 chromium: Chromium: Use after free in WebGPU allows remote attacker to exploit heap corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423106
[ 2 ] Bug #2423107 - CVE-2025-14765 chromium: Chromium: Use after free in WebGPU allows remote attacker to exploit heap corruption [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423107
[ 3 ] Bug #2423110 - CVE-2025-14766 chromium: Google Chrome V8: Out-of-bounds read and write leads to heap corruption [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423110
[ 4 ] Bug #2423111 - CVE-2025-14766 chromium: Google Chrome V8: Out-of-bounds read and write leads to heap corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2423111
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cd7567466d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 43 Update: gosec-2.22.11-2.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6ad9ed1275
2025-12-20 00:52:30.902645+00:00
--------------------------------------------------------------------------------

Name : gosec
Product : Fedora 43
Version : 2.22.11
Release : 2.fc43
URL : https://github.com/securego/gosec
Summary : Go security checker
Description :
Go security checker.

--------------------------------------------------------------------------------
Update Information:

Update to 2.22.11
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 11 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.22.11-2
- Fix build
* Thu Dec 11 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 2.22.11-1
- Update to 2.22.11 - Closes rhbz#2388620
* Fri Oct 10 2025 Maxwell G [maxwell@gtmx.me] - 2.22.7-3
- Rebuild for golang 1.25.2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2408291 - CVE-2025-58189 gosec: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408291
[ 2 ] Bug #2409764 - CVE-2025-61723 gosec: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409764
[ 3 ] Bug #2410714 - CVE-2025-58185 gosec: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410714
[ 4 ] Bug #2411610 - CVE-2025-58188 gosec: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411610
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6ad9ed1275' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

PHP 8.1.34, 8.2.30, 8.3.29, 8.4.16, and 8.5.1 Fedora/RHEL Packages released

Podman, Python, LibSSH, and more updates for Rocky Linux

Chromium, Mqttcli, Fonttools, and more updates for Fedora

[SECURITY] Fedora 42 Update: chromium-143.0.7499.146-1.fc42

[SECURITY] Fedora 42 Update: mqttcli-0.2.8-1.fc42

[SECURITY] Fedora 42 Update: python-unicodedata2-17.0.0-1.fc42

[SECURITY] Fedora 42 Update: fonttools-4.61.0-1.fc42

[SECURITY] Fedora 42 Update: gosec-2.22.11-2.fc42

[SECURITY] Fedora 43 Update: mqttcli-0.2.8-1.fc43

[SECURITY] Fedora 43 Update: uriparser-1.0.0-1.fc43

[SECURITY] Fedora 43 Update: chromium-143.0.7499.146-1.fc43

[SECURITY] Fedora 43 Update: gosec-2.22.11-2.fc43

Windows

Linux

macOS

Community