Fedora has released security updates for three packages: docker-buildx-0.27.0, exiv2-0.28.6, and chromium-139.0.7258.154, all part of Fedora 41 or 42. The docker-buildx update fixes issues with BuildKit and resolves several bugs, while the exiv2 update patches a silent ABI change introduced in version 0.28.6 to prevent crashes and improves performance. Meanwhile, the Chromium update addresses a use-after-free vulnerability in ANGLE (CVE-2025-9478).

Fedora 41 Update: docker-buildx-0.27.0-1.fc41
Fedora 42 Update: exiv2-0.28.6-2.fc42
Fedora 42 Update: chromium-139.0.7258.154-1.fc42

[SECURITY] Fedora 41 Update: docker-buildx-0.27.0-1.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4e0d9fb468
2025-09-01 01:09:33.237369+00:00
--------------------------------------------------------------------------------

Name : docker-buildx
Product : Fedora 41
Version : 0.27.0
Release : 1.fc41
URL : https://github.com/docker/buildx
Summary : Docker CLI plugin for extended build capabilities with BuildKit
Description :
Docker CLI plugin for extended build capabilities with BuildKit.

--------------------------------------------------------------------------------
Update Information:

Update to release v0.27.0
Resolves: rhvz#2388453, rhbz#2384137, rhbz#2384154
Upstream new features and fixes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 20 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.27.0-1
- Update to release v0.27.0
- Resolves: rhvz#2388453, rhbz#2384137, rhbz#2384154
- Upstream new features and fixes
* Sun Aug 17 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 0.26.1-6
- Remove temporary fix for go 1.25 rc2
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0.26.1-5
- Rebuild for golang-1.25.0
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0.26.1-4
- Revert "Rebuild for golang-1.25.0"
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0.26.1-3
- Rebuild for golang-1.25.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2384137 - docker-buildx: go-viper information leak [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384137
[ 2 ] Bug #2384154 - docker-buildx: go-viper information leak [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384154
[ 3 ] Bug #2388453 - docker-buildx-0.27.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2388453
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4e0d9fb468' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: exiv2-0.28.6-2.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-387e64c9fd
2025-09-01 00:50:28.877933+00:00
--------------------------------------------------------------------------------

Name : exiv2
Product : Fedora 42
Version : 0.28.6
Release : 2.fc42
URL : http://www.exiv2.org/
Summary : Exif, IPTC and XMP metadata manipulation library
Description :
A command line utility to access image metadata, allowing one to:
* print the Exif metadata of Jpeg images as summary info, interpreted values,
or the plain data for each tag
* print the Iptc metadata of Jpeg images
* print the Jpeg comment of Jpeg images
* set, add and delete Exif and Iptc metadata of Jpeg images
* adjust the Exif timestamp (that's how it all started...)
* rename Exif image files according to the Exif timestamp
* extract, insert and delete Exif metadata (including thumbnails),
Iptc metadata and Jpeg comments

--------------------------------------------------------------------------------
Update Information:

Exiv2 0.28.6 + patch to fix silent abi breakage
Exiv2 v0.28.6 (Fixes two low severity CVEs)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 31 2025 Steve Cossette [farchord@gmail.com] - 0.28.6-2
- Make methods non-virtual (Fix for a silent ABI change introduced in
0.28.6)
* Fri Aug 29 2025 Steve Cossette [farchord@gmail.com] - 0.28.6-1
- 0.28.6
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.28.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2391817 - CVE-2025-54080 exiv2: Exiv2 Segmentation Faults [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391817
[ 2 ] Bug #2391838 - CVE-2025-55304 exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2391838
[ 3 ] Bug #2391902 - exiv2-0.28.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2391902
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-387e64c9fd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 42 Update: chromium-139.0.7258.154-1.fc42

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ad180e88ee
2025-09-01 00:50:28.877915+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 139.0.7258.154
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 139.0.7258.154
CVE-2025-9478: Use after free in ANGLE
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 28 2025 Than Ngo [than@redhat.com] - 139.0.7258.154-1
- Update to 139.0.7258.154
* CVE-2025-9478: Use after free in ANGLE
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ad180e88ee' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--