Fedora 41 Update: docker-buildkit-0.25.0-1.fc41
Fedora 41 Update: ibus-bamboo-0.8.4~RC6-2.fc41
Fedora 41 Update: wordpress-6.8.3-1.fc41
Fedora 41 Update: webkitgtk-2.50.0-2.fc41
Fedora 42 Update: docker-buildkit-0.25.0-1.fc42
Fedora 42 Update: pgadmin4-9.8-2.fc42
Fedora 42 Update: ibus-bamboo-0.8.4~RC6-2.fc42
Fedora 42 Update: wordpress-6.8.3-1.fc42
[SECURITY] Fedora 41 Update: docker-buildkit-0.25.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a88ad31d87
2025-10-10 01:03:42.967118+00:00
--------------------------------------------------------------------------------
Name : docker-buildkit
Product : Fedora 41
Version : 0.25.0
Release : 1.fc41
URL : https://github.com/moby/buildkit
Summary : Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
Description :
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit.
--------------------------------------------------------------------------------
Update Information:
Update to release v0.25.0
Resolves: rhbz#2399354, rhbz#2399081, rhbz#2398678, rhbz#2398424
Upstream feature additions and fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.25.0-1
- Update to release v0.25.0
- Resolves: rhbz#2399354, rhbz#2399081, rhbz#2398678, rhbz#2398424
- Upstream feature additions and fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398424 - CVE-2025-47910 docker-buildkit: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398424
[ 2 ] Bug #2398678 - CVE-2025-47910 docker-buildkit: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398678
[ 3 ] Bug #2399081 - CVE-2025-47906 docker-buildkit: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399081
[ 4 ] Bug #2399354 - CVE-2025-47906 docker-buildkit: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399354
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a88ad31d87' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: ibus-bamboo-0.8.4~RC6-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e3f99bf558
2025-10-10 01:03:42.967116+00:00
--------------------------------------------------------------------------------
Name : ibus-bamboo
Product : Fedora 41
Version : 0.8.4~RC6
Release : 2.fc41
URL : https://github.com/BambooEngine/ibus-bamboo
Summary : A Vietnamese input method for IBus
Description :
A Vietnamese IME for IBus using Bamboo Engine.
The open source Vietnamese keyboard supports most common encodings, popular
Vietnamese typing methods, smart diacritics, spell checking, shortcuts,...
--------------------------------------------------------------------------------
Update Information:
Rebuild with golang-1.24.7-1.fc41
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2025 Takao Fujiwara [tfujiwar@redhat.com] - 0.8.4~RC6-2
- Resolves #2399237 Rebuild with golang-1.24.7-1.fc41
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2399237 - CVE-2025-47906 ibus-bamboo: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399237
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e3f99bf558' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: wordpress-6.8.3-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-acd3e11344
2025-10-10 01:03:42.967102+00:00
--------------------------------------------------------------------------------
Name : wordpress
Product : Fedora 41
Version : 6.8.3
Release : 1.fc41
URL : https://wordpress.org/
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
--------------------------------------------------------------------------------
Update Information:
WordPress 6.8.3 Release
Security updates included in this release:
A data exposure issue where authenticated users could access some restricted
content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and
Peter Wilson.
A cross-site scripting (XSS) vulnerability requiring an authenticated user role
that affects the nav menus. Reported by Phill Savage.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2025 Remi Collet [remi@remirepo.net] - 6.8.3-1
- WordPress 6.8.3 Security Release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-acd3e11344' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: webkitgtk-2.50.0-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f2bfde9326
2025-10-10 01:03:42.967083+00:00
--------------------------------------------------------------------------------
Name : webkitgtk
Product : Fedora 41
Version : 2.50.0
Release : 2.fc41
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.
--------------------------------------------------------------------------------
Update Information:
Update to 2.50.0:
Improved rendering performance by recording each layer once and replaying every
dirty region in different worker threads.
Enable damage propagation to the UI process by default.
CSS property font-variant-emoji is now enabled by default.
Font synthesis properties (bold/italic) are now properly handled.
Ensure web view is focused on tap gesture.
Added new API to get the theme color of a WebKitWebView.
Fix CVE-2025-43272, CVE-2025-43342, CVE-2025-43356, CVE-2025-43368
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 22 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.50.0-2
- Fix build on s390x
* Fri Sep 19 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.50.0-1
- Update to 2.50.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2397880 - CVE-2025-43368 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397880
[ 2 ] Bug #2397885 - CVE-2025-43356 webkitgtk: A website may be able to access sensor information without user consent [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397885
[ 3 ] Bug #2397890 - CVE-2025-43342 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397890
[ 4 ] Bug #2397895 - CVE-2025-43272 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2397895
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f2bfde9326' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: docker-buildkit-0.25.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0226657320
2025-10-10 00:48:50.885587+00:00
--------------------------------------------------------------------------------
Name : docker-buildkit
Product : Fedora 42
Version : 0.25.0
Release : 1.fc42
URL : https://github.com/moby/buildkit
Summary : Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit
Description :
Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit.
--------------------------------------------------------------------------------
Update Information:
Update to release v0.25.0
Resolves: rhbz#2399354, rhbz#2399081, rhbz#2398678, rhbz#2398424
Upstream feature additions and fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.25.0-1
- Update to release v0.25.0
- Resolves: rhbz#2399354, rhbz#2399081, rhbz#2398678, rhbz#2398424
- Upstream feature additions and fixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398424 - CVE-2025-47910 docker-buildkit: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398424
[ 2 ] Bug #2398678 - CVE-2025-47910 docker-buildkit: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398678
[ 3 ] Bug #2399081 - CVE-2025-47906 docker-buildkit: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399081
[ 4 ] Bug #2399354 - CVE-2025-47906 docker-buildkit: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399354
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0226657320' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: pgadmin4-9.8-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3c80b660e0
2025-10-10 00:48:50.885576+00:00
--------------------------------------------------------------------------------
Name : pgadmin4
Product : Fedora 42
Version : 9.8
Release : 2.fc42
URL : https://www.pgadmin.org/
Summary : Administration tool for PostgreSQL
Description :
pgAdmin is the most popular and feature rich Open Source administration and development
platform for PostgreSQL, the most advanced Open Source database in the world.
--------------------------------------------------------------------------------
Update Information:
Update to pgadmin-9.8. Fixes CVE-2025-9636.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 19 2025 Python Maint - 9.8-2
- Rebuilt for Python 3.14.0rc3 bytecode
* Mon Sep 8 2025 Sandro Mani [manisandro@gmail.com] - 9.8-1
- Update to 9.8
* Wed Sep 3 2025 Sandro Mani [manisandro@gmail.com] - 9.7-1
- Update to 9.7
* Fri Aug 15 2025 Python Maint - 9.6-4
- Rebuilt for Python 3.14.0rc2 bytecode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2393365 - CVE-2025-9636 pgadmin4: Cross-Origin Opener Policy Vulnerability in pgAdmin 4 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2393365
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3c80b660e0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: ibus-bamboo-0.8.4~RC6-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f07b4f8c0c
2025-10-10 00:48:50.885574+00:00
--------------------------------------------------------------------------------
Name : ibus-bamboo
Product : Fedora 42
Version : 0.8.4~RC6
Release : 2.fc42
URL : https://github.com/BambooEngine/ibus-bamboo
Summary : A Vietnamese input method for IBus
Description :
A Vietnamese IME for IBus using Bamboo Engine.
The open source Vietnamese keyboard supports most common encodings, popular
Vietnamese typing methods, smart diacritics, spell checking, shortcuts,...
--------------------------------------------------------------------------------
Update Information:
Rebuild with golang-1.24.7-1.fc42
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2025 Takao Fujiwara [tfujiwar@redhat.com] - 0.8.4~RC6-2
- Resolves #2399510 Rebuild with golang-1.24.7-1.fc42
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2399510 - CVE-2025-47906 ibus-bamboo: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399510
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f07b4f8c0c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: wordpress-6.8.3-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0fe3b1b7fc
2025-10-10 00:48:50.885550+00:00
--------------------------------------------------------------------------------
Name : wordpress
Product : Fedora 42
Version : 6.8.3
Release : 1.fc42
URL : https://wordpress.org/
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
--------------------------------------------------------------------------------
Update Information:
WordPress 6.8.3 Release
Security updates included in this release:
A data exposure issue where authenticated users could access some restricted
content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and
Peter Wilson.
A cross-site scripting (XSS) vulnerability requiring an authenticated user role
that affects the nav menus. Reported by Phill Savage.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2025 Remi Collet [remi@remirepo.net] - 6.8.3-1
- WordPress 6.8.3 Security Release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0fe3b1b7fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
