Fedora 42 Update: httpd-2.4.64-1.fc42
Fedora 42 Update: cef-138.0.15^chromium138.0.7204.92-3.fc42
Fedora 42 Update: gnutls-3.8.10-1.fc42
Fedora 42 Update: python3.6-3.6.15-47.fc42
Fedora 42 Update: selenium-manager-4.34.0-2.fc42
Fedora 42 Update: php-8.4.10-1.fc42
Fedora 41 Update: perl-5.40.2-516.fc41
Fedora 41 Update: git-2.50.1-1.fc41
Fedora 41 Update: python-requests-2.32.4-1.fc41
Fedora 41 Update: python3.6-3.6.15-47.fc41
Fedora 41 Update: selenium-manager-4.34.0-2.fc41
Fedora 41 Update: php-8.3.23-1.fc41
[SECURITY] Fedora 42 Update: httpd-2.4.64-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6d7a183951
2025-07-13 04:19:28.747459+00:00
--------------------------------------------------------------------------------
Name : httpd
Product : Fedora 42
Version : 2.4.64
Release : 1.fc42
URL : https://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
--------------------------------------------------------------------------------
Update Information:
New httpd 2.4.64 release + security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2025 Lubo?? Uhliarik [luhliari@redhat.com] - 2.4.64-1
- new version 2.4.64
* Tue Jun 24 2025 Joe Orton [jorton@redhat.com] - 2.4.63-4
- mod_dav: add dav_get_base_path() API
* Mon Feb 10 2025 Joe Orton [jorton@redhat.com] - 2.4.63-3
- sync default httpd.conf with upstream
* Sat Feb 1 2025 Bj??rn Esser [besser82@fedoraproject.org] - 2.4.63-2
- Add explicit BR: libxcrypt-devel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2379347 - CVE-2025-53020 httpd: Apache HTTP Server Memory Exhaustion [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2379347
[ 2 ] Bug #2379348 - CVE-2025-53020 httpd: Apache HTTP Server Memory Exhaustion [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2379348
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6d7a183951' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: cef-138.0.15^chromium138.0.7204.92-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-282f181e6f
2025-07-13 04:19:28.747439+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 42
Version : 138.0.15^chromium138.0.7204.92
Release : 3.fc42
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to chromium 138.0.7204.92
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 6 2025 Asahi Lina [lina@asahilina.net] - 138.0.15^chromium138.0.7204.92-3
- Do not strip debug info from libraries
* Fri Jul 4 2025 Asahi Lina [lina@asahilina.net] - 138.0.15^chromium138.0.7204.92-2
- Enable building debuginfo package
* Fri Jul 4 2025 Than Ngo [than@redhat.com] - 138.0.15^chromium138.0.7204.92-1
- Update to 138.0.7204.92
- * High CVE-2025-6554: Type Confusion in V8
* Fri Jul 4 2025 Asahi Lina [lina@asahilina.net] - 138.0.15^chromium138.0.7204.49-4
- Disable some Chromium features not appropriate for CEF
* Fri Jul 4 2025 Asahi Lina [lina@asahilina.net] - 138.0.15^chromium138.0.7204.49-1
- Update to cef-138.0.15+gd0f1f64
- Than Ngo [than@redhat.com]: Update to 138.0.7204.49
- * CVE-2025-6555: Use after free in Animation
- * CVE-2025-6556: Insufficient policy enforcement in Loader
- * CVE-2025-6557: Insufficient data validation in DevTools
* Wed Jul 2 2025 Than Ngo [than@redhat.com] - 137.0.17^chromium137.0.7151.119-1
- Update to 137.0.7151.119
- * CVE-2025-6191: Integer overflow in V8
- * CVE-2025-6192: Use after free in Profiler
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2374537 - cef-138.0.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2374537
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-282f181e6f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: gnutls-3.8.10-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-16a24364ce
2025-07-13 04:19:28.747444+00:00
--------------------------------------------------------------------------------
Name : gnutls
Product : Fedora 42
Version : 3.8.10
Release : 1.fc42
URL : http://www.gnutls.org/
Summary : A TLS protocol implementation
Description :
GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
protocols and technologies around them. It provides a simple C language
application programming interface (API) to access the secure communications
protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
other required structures.
--------------------------------------------------------------------------------
Update Information:
This updates gnutls to the latest upstream release. Notable changes are:
PKCS#11 cryptographic provider support
Support for kTLS rekeying with kernel 6.14+
Support for the almost standardized ML-DSA private key formats
This also fixes 4 CVEs (CVE-2025-32989, CVE-2025-6395, CVE-2025-32988, and
CVE-2025-32990).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2025 Daiki Ueno [dueno@redhat.com] - 3.8.10-1
- Update to 3.8.10 upstream release
* Fri Jul 11 2025 Yaakov Selkowitz [yselkowi@redhat.com] - 3.8.9-5
- Fix build on kernel 6.14+
* Fri Jul 11 2025 Daiki Ueno [dueno@redhat.com] - 3.8.9-4
- Update leancrypto to 1.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2378952 - gnutls-3.8.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2378952
[ 2 ] Bug #2379272 - CVE-2025-32990 gnutls: Vulnerability in GnuTLS certtool template parsing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2379272
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-16a24364ce' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: python3.6-3.6.15-47.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-266a1353a1
2025-07-13 04:19:28.747386+00:00
--------------------------------------------------------------------------------
Name : python3.6
Product : Fedora 42
Version : 3.6.15
Release : 47.fc42
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718,
CVE-2025-4435
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 26 2025 Lum??r Balhar [lbalhar@redhat.com] - 3.6.15-47
- Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-266a1353a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: selenium-manager-4.34.0-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-89abd49c4a
2025-07-13 04:19:28.747372+00:00
--------------------------------------------------------------------------------
Name : selenium-manager
Product : Fedora 42
Version : 4.34.0
Release : 2.fc42
URL : https://github.com/SeleniumHQ/selenium
Summary : Automated driver and browser management for Selenium
Description :
Selenium Manager is a command-line tool implemented in Rust
that provides automated driver and browser management for Selenium.
--------------------------------------------------------------------------------
Update Information:
Update to version 4.34.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 3 2025 tjuhasz [tjuhasz@redhat.com] - 4.34.0-1
- Update to version 4.34.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2364898 - CVE-2025-46551 selenium-manager: JRuby-OpenSSL has hostname verification disabled by default [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2364898
[ 2 ] Bug #2364899 - CVE-2025-46551 selenium-manager: JRuby-OpenSSL has hostname verification disabled by default [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2364899
[ 3 ] Bug #2368305 - selenium-manager-4.34.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2368305
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-89abd49c4a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: php-8.4.10-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2c344545bf
2025-07-13 04:19:28.747341+00:00
--------------------------------------------------------------------------------
Name : php
Product : Fedora 42
Version : 8.4.10
Release : 1.fc42
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
--------------------------------------------------------------------------------
Update Information:
PHP version 8.4.10 (03 Jul 2025)
BcMath:
Fixed bug GH-18641 (Accessing a BcMath\Number property by ref crashes).
(nielsdos)
Core:
Fixed bugs GH-17711 and GH-18022 (Infinite recursion on deprecated attribute
evaluation) and GH-18464 (Recursion protection for deprecation constants not
released on bailout). (DanielEScherzer and ilutov)
Fixed GH-18695 (zend_ast_export() - float number is not preserved). (Oleg
Efimov)
Fix handling of references in zval_try_get_long(). (nielsdos)
Do not delete main chunk in zend_gc. (danog, Arnaud)
Fix compile issues with zend_alloc and some non-default options. (nielsdos)
Curl:
Fix memory leak when setting a list via curl_setopt fails. (nielsdos)
Date:
Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos)
DOM:
Fixed bug GH-18744 (classList works not correctly if copy HTMLElement by clone
keyword). (nielsdos)
FPM:
Fixed GH-18662 (fpm_get_status segfault). (txuna)
Hash:
Fixed bug GH-14551 (PGO build fails with xxhash). (nielsdos)
Intl:
Fix memory leak in intl_datetime_decompose() on failure. (nielsdos)
Fix memory leak in locale lookup on failure. (nielsdos)
Opcache:
Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22).
(nielsdos, Arnaud)
ODBC:
Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos)
OpenSSL:
Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure.
(nielsdos)
Fixed bug php#74796 (Requests through http proxy set peer name). (Jakub Zelenka)
PGSQL:
Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during
escaping). (CVE-2025-1735) (Jakub Zelenka)
PDO ODBC:
Fix memory leak if WideCharToMultiByte() fails. (nielsdos)
PDO Sqlite:
Fixed memory leak with Pdo_Sqlite::createCollation when the callback has an
incorrect return type. (David Carlier)
Phar:
Add missing filter cleanups on phar failure. (nielsdos)
Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). (nielsdos)
PHPDBG:
Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos)
PGSQL:
Fix warning not being emitted when failure to cancel a query with
pg_cancel_query(). (Girgias)
Random:
Fix reference type confusion and leak in user random engine. (nielsdos,
timwolla)
Readline:
Fix memory leak when calloc() fails in php_readline_completion_cb(). (nielsdos)
SimpleXML:
Fixed bug GH-18597 (Heap-buffer-overflow in zend_alloc.c when assigning string
with UTF-8 bytes). (nielsdos)
SOAP:
Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos)
Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via
Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos)
Standard:
Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220)
(Jakub Zelenka)
Tidy:
Fix memory leak in tidy output handler on error. (nielsdos)
Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 2 2025 Remi Collet [remi@remirepo.net] - 8.4.10-1
- Update to 8.4.10 - http://www.php.net/releases/8_4_10.php
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2c344545bf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: perl-5.40.2-516.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f142899732
2025-07-13 02:56:45.883771+00:00
--------------------------------------------------------------------------------
Name : perl
Product : Fedora 41
Version : 5.40.2
Release : 516.fc41
URL : https://www.perl.org/
Summary : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk and shell
scripting. Perl is good at handling processes and files, and is especially
good at handling text. Perl's hallmarks are practicality and efficiency.
While it is used to do a lot of different things, Perl's most common
applications are system administration utilities and web programming.
This is a metapackage with all the Perl bits and core modules that can be
found in the upstream tarball from perl.org.
If you need only a specific feature, you can install a specific package
instead. E.g. to handle Perl scripts with /usr/bin/perl interpreter,
install perl-interpreter package. See perl-interpreter description for more
details on the Perl decomposition into packages.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2025-40909 - Clone dirhandles without fchdir
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 9 2025 Jitka Plesnikova [jplesnik@redhat.com] - 4:5.40.2-516
- Fixes: CVE-2025-40909 - Clone dirhandles without fchdir
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2369463 - CVE-2025-40909 perl: Perl threads have a working directory race condition where file operations may target unintended paths [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2369463
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f142899732' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: git-2.50.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0b7e43532e
2025-07-13 02:56:45.883759+00:00
--------------------------------------------------------------------------------
Name : git
Product : Fedora 41
Version : 2.50.1
Release : 1.fc41
URL : https://git-scm.com/
Summary : Fast Version Control System
Description :
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations
and full access to internals.
The git rpm installs common set of tools which are usually using with
small amount of dependencies. To install all git packages, including
tools for integrating with other SCMs, install the git-all meta-package.
--------------------------------------------------------------------------------
Update Information:
update to 2.50.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 8 2025 Ond??ej Poho??elsk?? [opohorel@redhat.com] - 2.50.1-1
- update to 2.50.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2378817 - CVE-2025-48384 git: Git arbitrary code execution [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2378817
[ 2 ] Bug #2378821 - CVE-2025-48386 git: Git buffer overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2378821
[ 3 ] Bug #2378825 - CVE-2025-48385 git: Git arbitrary file writes [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2378825
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0b7e43532e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: python-requests-2.32.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d8f9b425fa
2025-07-13 02:56:45.883746+00:00
--------------------------------------------------------------------------------
Name : python-requests
Product : Fedora 41
Version : 2.32.4
Release : 1.fc41
URL : https://pypi.io/project/requests
Summary : HTTP library, written in Python, for human beings
Description :
Most existing Python modules for sending HTTP requests are extremely verbose and
cumbersome. Python???s built-in urllib2 module provides most of the HTTP
capabilities you should need, but the API is thoroughly broken. This library is
designed to make HTTP requests easy for developers.
--------------------------------------------------------------------------------
Update Information:
Update to 2.32.4
Security fix for CVE-2024-47081: .netrc credentials leak via malicious URLs
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 7 2025 Miro Hron??ok [miro@hroncok.cz] - 2.32.4-1
- Update to 2.32.4
- Security fix for CVE-2024-47081: .netrc credentials leak via malicious
URLs
* Wed Jun 4 2025 Python Maint - 2.32.3-14
- Rebuilt for Python 3.14
* Tue Jun 3 2025 Python Maint - 2.32.3-13
- Bootstrap for Python 3.14
* Tue Apr 15 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.32.3-5
- Backport test-cert. fixes for urllib3 2.4.0 compatibility
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.32.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2371255 - python-requests-2.32.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2371255
[ 2 ] Bug #2375884 - CVE-2024-47081 python-requests: Requests vulnerable to .netrc credentials leak via malicious URLs [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2375884
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d8f9b425fa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: python3.6-3.6.15-47.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a8abfbb35c
2025-07-13 02:56:45.883707+00:00
--------------------------------------------------------------------------------
Name : python3.6
Product : Fedora 41
Version : 3.6.15
Release : 47.fc41
URL : https://www.python.org/
Summary : Version 3.6 of the Python interpreter
Description :
Python 3.6 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.6, see other distributions
that support it, such as CentOS or RHEL with Software Collections
or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718,
CVE-2025-4435
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 26 2025 Lum??r Balhar [lbalhar@redhat.com] - 3.6.15-47
- Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a8abfbb35c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: selenium-manager-4.34.0-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-dda04d7a84
2025-07-13 02:56:45.883692+00:00
--------------------------------------------------------------------------------
Name : selenium-manager
Product : Fedora 41
Version : 4.34.0
Release : 2.fc41
URL : https://github.com/SeleniumHQ/selenium
Summary : Automated driver and browser management for Selenium
Description :
Selenium Manager is a command-line tool implemented in Rust
that provides automated driver and browser management for Selenium.
--------------------------------------------------------------------------------
Update Information:
Update to version 4.34.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 3 2025 tjuhasz [tjuhasz@redhat.com] - 4.34.0-1
- Update to version 4.34.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2364898 - CVE-2025-46551 selenium-manager: JRuby-OpenSSL has hostname verification disabled by default [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2364898
[ 2 ] Bug #2364899 - CVE-2025-46551 selenium-manager: JRuby-OpenSSL has hostname verification disabled by default [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2364899
[ 3 ] Bug #2368305 - selenium-manager-4.34.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2368305
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-dda04d7a84' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: php-8.3.23-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-da047483d8
2025-07-13 02:56:45.883677+00:00
--------------------------------------------------------------------------------
Name : php
Product : Fedora 41
Version : 8.3.23
Release : 1.fc41
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
--------------------------------------------------------------------------------
Update Information:
PHP version 8.3.23 (03 Jul 2025)
Core:
Fixed GH-18695 (zend_ast_export() - float number is not preserved). (Oleg
Efimov)
Do not delete main chunk in zend_gc. (danog, Arnaud)
Fix compile issues with zend_alloc and some non-default options. (nielsdos)
Curl:
Fix memory leak when setting a list via curl_setopt fails. (nielsdos)
Fix incorrect OpenSSL version detection. (Peter Kokot)
Date:
Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos)
FPM:
Fixed GH-18662 (fpm_get_status segfault). (txuna)
Hash:
Fixed bug GH-14551 (PGO build fails with xxhash). (nielsdos)
Intl:
Fix memory leak in intl_datetime_decompose() on failure. (nielsdos)
Fix memory leak in locale lookup on failure. (nielsdos)
ODBC:
Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos)
Opcache:
Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22).
(nielsdos, Arnaud)
OpenSSL:
Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure.
(nielsdos)
Fixed bug php#74796 (Requests through http proxy set peer name). (Jakub Zelenka)
PGSQL:
Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during
escaping). (CVE-2025-1735) (Jakub Zelenka)
Phar:
Add missing filter cleanups on phar failure. (nielsdos)
Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). (nielsdos)
PHPDBG:
Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos)
PDO ODBC:
Fix memory leak if WideCharToMultiByte() fails. (nielsdos)
PGSQL:
Fix warning not being emitted when failure to cancel a query with
pg_cancel_query(). (Girgias)
Random:
Fix reference type confusion and leak in user random engine. (nielsdos,
timwolla)
Readline:
Fix memory leak when calloc() fails in php_readline_completion_cb(). (nielsdos)
SOAP:
Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos)
Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via
Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos)
Standard:
Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220)
(Jakub Zelenka)
Tidy:
Fix memory leak in tidy output handler on error. (nielsdos)
Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 2 2025 Remi Collet [remi@remirepo.net] - 8.3.23-1
- Update to 8.3.23 - http://www.php.net/releases/8_3_23.php
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-da047483d8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
