
Fedora Linux has received security updates for Firefox, Dropbear, gstreamer1-plugins-bad-free, and python-tornado:

Fedora 42 Update: firefox-139.0-1.fc42
Fedora 42 Update: python-tornado-6.4.1-3.fc42
Fedora 41 Update: dropbear-2025.88-1.fc41
Fedora 41 Update: gstreamer1-plugins-bad-free-1.24.11-2.fc41
Fedora 41 Update: python-tornado-6.3.3-9.fc41




[SECURITY] Fedora 42 Update: firefox-139.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-34badbe9b9
2025-05-31 02:04:13.209366+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 42
Version : 139.0
Release : 1.fc42
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream version (139.0)
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 27 2025 Martin Stransky [stransky@redhat.com] - 139.0-1
- Updated to 139.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-34badbe9b9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: python-tornado-6.4.1-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5320059879
2025-05-31 02:04:13.209209+00:00
--------------------------------------------------------------------------------

Name : python-tornado
Product : Fedora 42
Version : 6.4.1
Release : 3.fc42
URL : https://www.tornadoweb.org
Summary : Scalable, non-blocking web server and tools
Description :
Tornado is an open source version of the scalable, non-blocking web
server and tools.

The framework is distinct from most mainstream web server frameworks
(and certainly most Python frameworks) because it is non-blocking and
reasonably fast. Because it is non-blocking and uses epoll, it can
handle thousands of simultaneous standing connections, which means it is
ideal for real-time web services.

--------------------------------------------------------------------------------
Update Information:

This update contains the backported fix for CVE-2024-52804 (cookie parsing DoS
vuln).
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2025 Robby Callicotte [rcallicotte@fedoraproject.org] - 6.4.1-3
- Backported fix for CVE-2024-52804
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2367421 - CVE-2024-52804 python-tornado: Tornado has HTTP cookie parsing DoS vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2367421
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5320059879' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: dropbear-2025.88-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-23ccf778c9
2025-05-31 01:33:18.713019+00:00
--------------------------------------------------------------------------------

Name : dropbear
Product : Fedora 41
Version : 2025.88
Release : 1.fc41
URL : https://matt.ucc.asn.au/dropbear/dropbear.html
Summary : Lightweight SSH server and client
Description :
Dropbear is a relatively small SSH server and client. It's particularly useful
for "embedded"-type Linux (or other Unix) systems, such as wireless routers.

--------------------------------------------------------------------------------
Update Information:

Update to 2025.88 (rhbz#2364904)
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 22 2025 Federico Pellegrin [fede@evolware.org] - 2025.88-1
- Update to 2025.88 (rhbz#2364904)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2364904 - CVE-2025-47203 dropbear: command injection via an untrusted hostname argument [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2364904
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-23ccf778c9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: gstreamer1-plugins-bad-free-1.24.11-2.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2a36564bd2
2025-05-31 01:33:18.713004+00:00
--------------------------------------------------------------------------------

Name : gstreamer1-plugins-bad-free
Product : Fedora 41
Version : 1.24.11
Release : 2.fc41
URL : http://gstreamer.freedesktop.org/
Summary : GStreamer streaming media framework "bad" plugins
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested well enough, or the code
is not of good enough quality.

--------------------------------------------------------------------------------
Update Information:

backport fix for CVE-2025-3887 (resolves rhbz#2367919)
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 22 2025 Dominik Mierzejewski [dominik@greysector.net] - 1.24.11-2
- backport fix for CVE-2025-3887 (resolves rhbz#2367919)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2367919 - CVE-2025-3887 GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2367919
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2a36564bd2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: python-tornado-6.3.3-9.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-db6e9bb7fb
2025-05-31 01:33:18.712928+00:00
--------------------------------------------------------------------------------

Name : python-tornado
Product : Fedora 41
Version : 6.3.3
Release : 9.fc41
URL : https://www.tornadoweb.org
Summary : Scalable, non-blocking web server and tools
Description :
Tornado is an open source version of the scalable, non-blocking web
server and tools.

The framework is distinct from most mainstream web server frameworks
(and certainly most Python frameworks) because it is non-blocking and
reasonably fast. Because it is non-blocking and uses epoll, it can
handle thousands of simultaneous standing connections, which means it is
ideal for real-time web services.

--------------------------------------------------------------------------------
Update Information:

This contains the backported fix for CVE-2024-52804 (cookie parsing DoS vuln)
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 20 2025 Robby Callicotte [rcallicotte@fedoraproject.org] - 6.3.3-9
- Backported fix for CVE-2024-52804
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2328101 - CVE-2024-52804 python-tornado: Tornado has HTTP cookie parsing DoS vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2328101
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-db6e9bb7fb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--