
Fedora Linux has received several security updates, including firefox, yarnpkg, mingw-opencv, moby-engine, webkitgtk, xen, and varnish:

Fedora 41 Update: firefox-141.0.2-1.fc41
Fedora 41 Update: yarnpkg-1.22.22-11.fc41
Fedora 41 Update: mingw-opencv-4.10.0-6.fc41
Fedora 41 Update: moby-engine-28.3.3-1.fc41
Fedora 42 Update: webkitgtk-2.48.5-1.fc42
Fedora 42 Update: xen-4.19.3-2.fc42
Fedora 42 Update: yarnpkg-1.22.22-11.fc42
Fedora 42 Update: mingw-opencv-4.10.0-6.fc42
Fedora 42 Update: moby-engine-28.3.3-1.fc42
Fedora 42 Update: varnish-7.6.1-6.fc42




[SECURITY] Fedora 41 Update: firefox-141.0.2-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-aacceb8e35
2025-08-08 01:11:45.710110+00:00
--------------------------------------------------------------------------------

Name : firefox
Product : Fedora 41
Version : 141.0.2
Release : 1.fc41
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream version (140.0.2)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 6 2025 Martin Stransky [stransky@redhat.com] - 141.0.2-1
- Updated to 141.0.2
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 141.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-aacceb8e35' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 41 Update: yarnpkg-1.22.22-11.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b19f3ed5f4
2025-08-08 01:11:45.710107+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 41
Version : 1.22.22
Release : 11.fc41
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Apply fixes for CVE-2025-8262 and CVE-2025-7783.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 30 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-11
- Refresh bundle
- Drop patches obsoleted by new bundle
- Add yarn-update-jest.prebundle.patch to update jest and avoid some vulnerable dependencies
- Apply fixes for CVE-2025-8262 and CVE-2025-8263
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.22-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2382001 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2382001
[ 2 ] Bug #2382007 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2382007
[ 3 ] Bug #2382017 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2382017
[ 4 ] Bug #2382027 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2382027
[ 5 ] Bug #2383877 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2383877
[ 6 ] Bug #2383879 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2383879
[ 7 ] Bug #2383880 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2383880
[ 8 ] Bug #2383881 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2383881
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b19f3ed5f4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 41 Update: mingw-opencv-4.10.0-6.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d308a84c10
2025-08-08 01:11:45.710083+00:00
--------------------------------------------------------------------------------

Name : mingw-opencv
Product : Fedora 41
Version : 4.10.0
Release : 6.fc41
URL : https://opencv.org
Summary : MinGW Windows OpenCV library
Description :
MinGW Windows OpenCV library.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2025-53644.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 30 2025 Sandro Mani [manisandro@gmail.com] - 4.10.0-6
- Backport fix for CVE-2025-53644
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2381815 - CVE-2025-53644 mingw-opencv: OpenCV use after free [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2381815
[ 2 ] Bug #2382632 - CVE-2025-53644 mingw-opencv: OpenCV use after free [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2382632
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d308a84c10' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 41 Update: moby-engine-28.3.3-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-113fc513c3
2025-08-08 01:11:45.710055+00:00
--------------------------------------------------------------------------------

Name : moby-engine
Product : Fedora 41
Version : 28.3.3
Release : 1.fc41
URL : https://github.com/moby/moby
Summary : The open-source application container engine
Description :
Docker is an open source project to build, ship and run any application as a
lightweight container.

Docker containers are both hardware-agnostic and platform-agnostic. This means
they can run anywhere, from your laptop to the largest EC2 compute instance and
everything in between - and they do not require you to use a particular
language, framework or packaging system. That makes them great building blocks
for deploying and scaling web apps, databases, and backend services without
depending on a particular stack or provider.

--------------------------------------------------------------------------------
Update Information:

Update to release v28.3.3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 29 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 28.3.3-1
- Update to release v28.3.3
- Resolves: rhbz#2384219
- Resolves: CVE-2025-54388 / GHSA-x4rx-4gw3-53p4
- Upstream fixes
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 28.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2384219 - moby-engine-28.3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2384219
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-113fc513c3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: webkitgtk-2.48.5-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-61ca72f430
2025-08-08 00:53:07.924008+00:00
--------------------------------------------------------------------------------

Name : webkitgtk
Product : Fedora 42
Version : 2.48.5
Release : 1.fc42
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

Update to 2.48.5. Changes since 2.48.3:
Improve emoji font selection.
Improve playback of multimedia streams from blob URLs.
Fix crash when using a WebKitWebView widget in an offscreen window.
Fix several crashes and rendering issues.
CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216,
CVE-2025-43227, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 5 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.48.5-1
- Update to 2.48.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2386383 - CVE-2025-43265 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2386383
[ 2 ] Bug #2386384 - CVE-2025-43227 webkitgtk: Processing maliciously crafted web content may disclose sensitive user information [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2386384
[ 3 ] Bug #2386387 - CVE-2025-43216 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2386387
[ 4 ] Bug #2386390 - CVE-2025-43212 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2386390
[ 5 ] Bug #2386397 - CVE-2025-43211 webkitgtk: Processing web content may lead to a denial-of-service [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2386397
[ 6 ] Bug #2386406 - CVE-2025-31278 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2386406
[ 7 ] Bug #2386409 - CVE-2025-31273 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2386409
[ 8 ] Bug #2386415 - CVE-2025-43240 webkitgtk: A download's origin may be incorrectly associated [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2386415
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-61ca72f430' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: xen-4.19.3-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ddaa63a0f5
2025-08-08 00:53:07.923997+00:00
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 42
Version : 4.19.3
Release : 2.fc42
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

update to xen-4.19.3
includes patches for
x86: Incorrect stubs exception handling for flags recovery [XSA-470,
CVE-2025-27465]
x86: Transitive Scheduler Attacks [XSA-471, CVE-2024-36350,
CVE-2024-36357]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 5 2025 Michael Young [m.a.young@durham.ac.uk] - 4.19.3-2
- update to xen-4.19.3
remove patches now included or superseded upstream
includes patches for
x86: Incorrect stubs exception handling for flags recovery [XSA-470,
CVE-2025-27465]
x86: Transitive Scheduler Attacks [XSA-471, CVE-2024-36350,
CVE-2024-36357]
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2381572 - CVE-2025-27465 xen: Xen: Incorrect Exception Handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2381572
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ddaa63a0f5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-11.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cf39a93e95
2025-08-08 00:53:07.923982+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 42
Version : 1.22.22
Release : 11.fc42
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Apply fixes for CVE-2025-8262 and CVE-2025-7783.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 30 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-11
- Refresh bundle
- Drop patches obsoleted by new bundle
- Add yarn-update-jest.prebundle.patch to update jest and avoid some vulnerable dependencies
- Apply fixes for CVE-2025-8262 and CVE-2025-8263
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.22.22-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2382001 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2382001
[ 2 ] Bug #2382007 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2382007
[ 3 ] Bug #2382017 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2382017
[ 4 ] Bug #2382027 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2382027
[ 5 ] Bug #2383877 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2383877
[ 6 ] Bug #2383879 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2383879
[ 7 ] Bug #2383880 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2383880
[ 8 ] Bug #2383881 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2383881
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cf39a93e95' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 42 Update: mingw-opencv-4.10.0-6.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-30f3152e31
2025-08-08 00:53:07.923963+00:00
--------------------------------------------------------------------------------

Name : mingw-opencv
Product : Fedora 42
Version : 4.10.0
Release : 6.fc42
URL : https://opencv.org
Summary : MinGW Windows OpenCV library
Description :
MinGW Windows OpenCV library.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2025-53644.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 30 2025 Sandro Mani [manisandro@gmail.com] - 4.10.0-6
- Backport fix for CVE-2025-53644
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2381815 - CVE-2025-53644 mingw-opencv: OpenCV use after free [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2381815
[ 2 ] Bug #2382632 - CVE-2025-53644 mingw-opencv: OpenCV use after free [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2382632
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-30f3152e31' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------




[SECURITY] Fedora 42 Update: moby-engine-28.3.3-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9e2840094a
2025-08-08 00:53:07.923924+00:00
--------------------------------------------------------------------------------

Name : moby-engine
Product : Fedora 42
Version : 28.3.3
Release : 1.fc42
URL : https://github.com/moby/moby
Summary : The open-source application container engine
Description :
Docker is an open source project to build, ship and run any application as a
lightweight container.

Docker containers are both hardware-agnostic and platform-agnostic. This means
they can run anywhere, from your laptop to the largest EC2 compute instance and
everything in between - and they do not require you to use a particular
language, framework or packaging system. That makes them great building blocks
for deploying and scaling web apps, databases, and backend services without
depending on a particular stack or provider.

--------------------------------------------------------------------------------
Update Information:

Update to release v28.3.3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 29 2025 Bradley G Smith [bradley.g.smith@gmail.com] - 28.3.3-1
- Update to release v28.3.3
- Resolves: rhbz#2384219
- Resolves: CVE-2025-54388 / GHSA-x4rx-4gw3-53p4
- Upstream fixes
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 28.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2384219 - moby-engine-28.3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2384219
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9e2840094a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: varnish-7.6.1-6.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-525d870026
2025-08-08 00:53:07.923873+00:00
--------------------------------------------------------------------------------

Name : varnish
Product : Fedora 42
Version : 7.6.1
Release : 6.fc42
URL : https://www.varnish-cache.org/
Summary : High-performance HTTP accelerator
Description :
This is Varnish Cache, a high-performance HTTP accelerator.

Varnish Cache stores web pages in memory so web servers don't have to
create the same web page over and over again. Varnish Cache serves
pages much faster than any application server; giving the website a
significant speed up.

Documentation wiki and additional information about Varnish Cache is
available on: https://www.varnish-cache.org/

--------------------------------------------------------------------------------
Update Information:

Security: This update includes fixes for CVE-2025-47905 aka VSV00016: A client-
side desync vulnerability can be triggered in Varnish Cache. This vulnerability
can be triggered under specific circumstances involving malformed HTTP/1 chunked
requests.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 30 2025 Ingvar Hagelund - 7.6.1-6
- Added security patch for VSV00016 aka CVE-2025-47905, rhbz#2369404
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2369404 - CVE-2025-47905 varnish: request smuggling attacks [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369404
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-525d870026' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------