
Security updates have been released for several Fedora Linux versions: Fedora 41, Fedora 42 and Fedora 43 Beta (RC). The updates include fixes for packages such as CUPS, Chromium, QEMU, Exiv2, perl-Catalyst-Plugin-Session, perl-Plack-Middleware-Session, and perl-Catalyst-Authentication-Credential-HTTP.

Fedora 41 Update: cups-2.4.14-1.fc41
Fedora 42 Update: perl-Catalyst-Plugin-Session-0.44-1.fc42
Fedora 42 Update: perl-Plack-Middleware-Session-0.36-1.fc42
Fedora 42 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc42
Fedora 43 Update: chromium-140.0.7339.127-1.fc43
Fedora 43 Update: cups-2.4.14-1.fc43
Fedora 43 Update: qemu-10.1.0-6.fc43
Fedora 43 Update: exiv2-0.28.6-2.fc43



[SECURITY] Fedora 41 Update: cups-2.4.14-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a83ad46ca7
2025-09-16 01:24:08.280964+00:00
--------------------------------------------------------------------------------

Name : cups
Product : Fedora 41
Version : 2.4.14
Release : 1.fc41
URL : https://openprinting.github.io/cups/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

2.4.14 (fixes CVE-2025-58060 and CVE-2025-58364)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2025 Zdenek Dohnal [zdohnal@redhat.com] - 1:2.4.14-1
- 2.4.14 (fixes CVE-2025-58060 and CVE-2025-58364)
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1:2.4.12-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 13 2025 Zbigniew Jędrzejewski-Szmek [zbyszek@in.waw.pl] - 1:2.4.12-3
- Make sure the /usr/sbin/lpc symlink is created on unmerged systems
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2392595 - CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
https://bugzilla.redhat.com/show_bug.cgi?id=2392595
[ 2 ] Bug #2393078 - CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2393078
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a83ad46ca7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: perl-Catalyst-Plugin-Session-0.44-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-90d5989bee
2025-09-16 01:14:45.503759+00:00
--------------------------------------------------------------------------------

Name : perl-Catalyst-Plugin-Session
Product : Fedora 42
Version : 0.44
Release : 1.fc42
URL : https://metacpan.org/release/Catalyst-Plugin-Session
Summary : Catalyst generic session plugin
Description :
This plugin is the base of two related parts of functionality
required for session management in web applications.

The first part, the State, is getting the browser to repeat back a
session key, so that the web application can identify the client and
logically string several requests together into a session.

The second part, the Store, deals with the actual storage of information
about the client. This data is stored so that it may be revived for
every request made by the same client.

This plugin links the two pieces together.

--------------------------------------------------------------------------------
Update Information:

This update upgrades the package to version 0.44. This version fixes
CVE-2025-40924 by using Crypt::SysRandom to generate properly random session
IDs.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 31 2025 Emmanuel Seyman [emmanuel@seyman.fr] - 0.44-1
- Update to 0.44
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2381744 - CVE-2025-40924 perl-Catalyst-Plugin-Session: Catalyst::Plugin::Session generates session ids insecurely [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2381744
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-90d5989bee' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 42 Update: perl-Plack-Middleware-Session-0.36-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ca07c36a0a
2025-09-16 01:14:45.503765+00:00
--------------------------------------------------------------------------------

Name : perl-Plack-Middleware-Session
Product : Fedora 42
Version : 0.36
Release : 1.fc42
URL : http://metacpan.org/release/Plack-Middleware-Session
Summary : Middleware for session management
Description :
This is a Plack Middleware component for session management. By default it
will use cookies to keep session state and store data in memory. This
distribution also comes with other state and store solutions.

--------------------------------------------------------------------------------
Update Information:

This update upgrades the package to version 0.36. This version fixes
CVE-2025-40923 by using Crypt::SysRandom to generate secure session IDs.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 31 2025 Emmanuel Seyman [emmanuel@seyman.fr] - 0.36-1
- Update to 0.36
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2381421 - CVE-2025-40923 perl-Plack-Middleware-Session: Plack-Middleware-Session insecure session ids [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2381421
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ca07c36a0a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 42 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d72429a1f8
2025-09-16 01:14:45.503754+00:00
--------------------------------------------------------------------------------

Name : perl-Catalyst-Authentication-Credential-HTTP
Product : Fedora 42
Version : 1.019
Release : 1.fc42
URL : https://metacpan.org/release/Catalyst-Authentication-Credential-HTTP
Summary : HTTP Basic and Digest authentication for Catalyst
Description :
This module lets you use HTTP authentication with
Catalyst::Plugin::Authentication. Both basic and digest authentication are
currently supported.

--------------------------------------------------------------------------------
Update Information:

This update upgrades the package to version 1.019. This version fixes
CVE-2025-40920 by using Crypt::SysRandom to generate nonces instead of
Data::UUID.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 31 2025 Emmanuel Seyman [emmanuel@seyman.fr] - 1.019-1
- Update to 1.019
- Rework dependencies
- Switch build system
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2387730 - CVE-2025-40920 perl-Catalyst-Authentication-Credential-HTTP: Catalyst::Authentication::Credential::HTTP insecure nonce generation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2387730
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d72429a1f8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 43 Update: chromium-140.0.7339.127-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-fade46c641
2025-09-16 00:18:50.663615+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 140.0.7339.127
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 140.0.7339.127
CVE-2025-10200: Use after free in Serviceworker
CVE-2025-10201: Inappropriate implementation in Mojo
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2025 Than Ngo [than@redhat.com] - 140.0.7339.127-1
- Update to 140.0.7339.127
* CVE-2025-10200: Use after free in Serviceworker
* CVE-2025-10201: Inappropriate implementation in Mojo
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2390725 - CVE-2025-4609 chromium: Incorrect handle provided in unspecified circumstances in Mojo [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2390725
[ 2 ] Bug #2392286 - CVE-2025-9478 chromium: Use after free in ANGLE [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2392286
[ 3 ] Bug #2392293 - CVE-2025-9478 chromium: Use after free in ANGLE [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2392293
[ 4 ] Bug #2393035 - CVE-2025-9864 chromium: Use after free in Cast in Google Chrome [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2393035
[ 5 ] Bug #2393036 - CVE-2025-9864 chromium: Use after free in Cast in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2393036
[ 6 ] Bug #2393051 - CVE-2025-9866 chromium: Inappropriate implementation in Extensions in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2393051
[ 7 ] Bug #2393052 - CVE-2025-9866 chromium: Inappropriate implementation in Extensions in Google Chrome [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2393052
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-fade46c641' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 43 Update: cups-2.4.14-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3596273b51
2025-09-16 00:18:50.663611+00:00
--------------------------------------------------------------------------------

Name : cups
Product : Fedora 43
Version : 2.4.14
Release : 1.fc43
URL : https://openprinting.github.io/cups/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

2.4.14 (fixes CVE-2025-58060 and CVE-2025-58364)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2025 Zdenek Dohnal [zdohnal@redhat.com] - 1:2.4.14-1
- 2.4.14 (fixes CVE-2025-58060 and CVE-2025-58364)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2392595 - CVE-2025-58060 cups: Authentication Bypass in CUPS Authorization Handling
https://bugzilla.redhat.com/show_bug.cgi?id=2392595
[ 2 ] Bug #2393078 - CVE-2025-58364 cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2393078
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3596273b51' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: qemu-10.1.0-6.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b8b6acb283
2025-09-16 00:18:50.663535+00:00
--------------------------------------------------------------------------------

Name : qemu
Product : Fedora 43
Version : 10.1.0
Release : 6.fc43
URL : http://www.qemu.org/
Summary : QEMU is a FAST! processor emulator
Description :
qemu is an open source virtualizer that provides hardware
emulation for the KVM hypervisor. qemu acts as a virtual
machine monitor together with the KVM kernel modules, and emulates the
hardware for a full system such as a PC and its associated peripherals.

--------------------------------------------------------------------------------
Update Information:

Fix crash with spice GL (bz 2391334)
Update to 10.1.0 GA release
Automatic update for qemu-10.1.0-0.4.rc4.fc43.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Cole Robinson [crobinso@redhat.com] - 2:10.1.0-6
- Fix crash with spice GL (bz 2391334)
* Wed Aug 27 2025 Daniel P. Berrangé [berrange@redhat.com] - 2:10.1.0-5
- Update to 10.1.0 GA release
* Sun Aug 24 2025 Mauro Matteo Cascella [mcascell@redhat.com] - 2:10.1.0-0.4.rc4
- Update to rc4 release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2387590 - CVE-2025-8860 qemu: uefi-vars: information disclosure vulnerability in uefi_vars_write callback [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387590
[ 2 ] Bug #2391334 - qemu crashes in qemu_spice_gl_scanout_disable during early boot
https://bugzilla.redhat.com/show_bug.cgi?id=2391334
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b8b6acb283' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: exiv2-0.28.6-2.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c23727e694
2025-09-16 00:18:50.663507+00:00
--------------------------------------------------------------------------------

Name : exiv2
Product : Fedora 43
Version : 0.28.6
Release : 2.fc43
URL : http://www.exiv2.org/
Summary : Exif, IPTC and XMP metadata manipulation library
Description :
A command line utility to access image metadata, allowing one to:
* print the Exif metadata of Jpeg images as summary info, interpreted values,
or the plain data for each tag
* print the Iptc metadata of Jpeg images
* print the Jpeg comment of Jpeg images
* set, add and delete Exif and Iptc metadata of Jpeg images
* adjust the Exif timestamp (that's how it all started...)
* rename Exif image files according to the Exif timestamp
* extract, insert and delete Exif metadata (including thumbnails),
Iptc metadata and Jpeg comments

--------------------------------------------------------------------------------
Update Information:

Exiv2 0.28.6 + patch to fix silent abi breakage
Exiv2 v0.28.6 (Fixes two low severity CVEs)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 31 2025 Steve Cossette [farchord@gmail.com] - 0.28.6-2
- Make methods non-virtual (Fix for a silent ABI change introduced in
0.28.6)
* Fri Aug 29 2025 Steve Cossette [farchord@gmail.com] - 0.28.6-1
- 0.28.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391817 - CVE-2025-54080 exiv2: Exiv2 Segmentation Faults [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391817
[ 2 ] Bug #2391838 - CVE-2025-55304 exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391838
[ 3 ] Bug #2391902 - exiv2-0.28.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2391902
[ 4 ] Bug #2391935 - FE: Exiv2 v0.28.6
https://bugzilla.redhat.com/show_bug.cgi?id=2391935
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c23727e694' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
