
Fedora 41, Fedora 42, and Fedora 43 Beta (RC) have received security updates. For Fedora 41, a kernel update (6.16.7-100.fc41) mitigates the VMSCAPE vulnerability on x86 CPUs, which has been assigned CVE-2025-40300. For Fedora 42 and Fedora 43, Chromium browser updates address multiple vulnerabilities, including use-after-free issues in Serviceworker and ANGLE, as well as inappropriate implementation issues in Mojo and Extensions. Additionally, Fedora 43 Beta (RC) has received updates for Forgejo, a lightweight software forge (version 12.0.2-1.fc43), and for the UDisks2 disk manager (version 2.10.91-1.fc43), which addresses an out-of-bounds read vulnerability in the UDisks daemon.

Fedora 41 Update: kernel-6.16.7-100.fc41
Fedora 42 Update: chromium-140.0.7339.127-1.fc42
Fedora 43 Update: chromium-140.0.7339.80-1.fc43
Fedora 43 Update: forgejo-12.0.2-1.fc43
Fedora 43 Update: udisks2-2.10.91-1.fc43




[SECURITY] Fedora 41 Update: kernel-6.16.7-100.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4f0872847c
2025-09-14 01:34:47.455914+00:00
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 41
Version : 6.16.7
Release : 100.fc41
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.16.7 stable kernel updates contain mitigation for the VMSCAPE
vulnerability on x86 CPUs. This has been assigned CVE-2025-40300
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2025 Justin M. Forbes [jforbes@fedoraproject.org] [6.16.7-0]
- Turn on vmscape mitigation for x86 (Justin M. Forbes)
- Linux v6.16.7
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4f0872847c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: chromium-140.0.7339.127-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c73675b464
2025-09-14 00:56:09.039872+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 140.0.7339.127
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 140.0.7339.127
CVE-2025-10200: Use after free in Serviceworker
CVE-2025-10201: Inappropriate implementation in Mojo
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 11 2025 Than Ngo [than@redhat.com] - 140.0.7339.127-1
- Update to 140.0.7339.127
* CVE-2025-10200: Use after free in Serviceworker
* CVE-2025-10201: Inappropriate implementation in Mojo
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2390725 - CVE-2025-4609 chromium: Incorrect handle provided in unspecified circumstances in Mojo [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2390725
[ 2 ] Bug #2392286 - CVE-2025-9478 chromium: Use after free in ANGLE [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2392286
[ 3 ] Bug #2392293 - CVE-2025-9478 chromium: Use after free in ANGLE [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2392293
[ 4 ] Bug #2393035 - CVE-2025-9864 chromium: Use after free in Cast in Google Chrome [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2393035
[ 5 ] Bug #2393036 - CVE-2025-9864 chromium: Use after free in Cast in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2393036
[ 6 ] Bug #2393051 - CVE-2025-9866 chromium: Inappropriate implementation in Extensions in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2393051
[ 7 ] Bug #2393052 - CVE-2025-9866 chromium: Inappropriate implementation in Extensions in Google Chrome [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2393052
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c73675b464' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: chromium-140.0.7339.80-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e8d34c61f8
2025-09-14 00:15:28.906623+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 43
Version : 140.0.7339.80
Release : 1.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 140.0.7339.80
CVE-2025-9864: Use after free in V8
CVE-2025-9865: Inappropriate implementation in Toolbar
CVE-2025-9866: Inappropriate implementation in Extensions
CVE-2025-9867: Inappropriate implementation in Downloads
Update to 139.0.7258.154
CVE-2025-9478: Use after free in ANGLE
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Than Ngo [than@redhat.com] - 140.0.7339.80-1
- Update to 140.0.7339.80
* CVE-2025-9864: Use after free in V8
* CVE-2025-9865: Inappropriate implementation in Toolbar
* CVE-2025-9866: Inappropriate implementation in Extensions
* CVE-2025-9867: Inappropriate implementation in Downloads
* Thu Aug 28 2025 Than Ngo [than@redhat.com] - 139.0.7258.154-1
- Update to 139.0.7258.154
* CVE-2025-9478: Use after free in ANGLE
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2390724 - CVE-2025-4609 chromium: Incorrect handle provided in unspecified circumstances in Mojo [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2390724
[ 2 ] Bug #2390727 - CVE-2025-4609 chromium: Incorrect handle provided in unspecified circumstances in Mojo [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2390727
[ 3 ] Bug #2390730 - CVE-2025-4609 chromium: Incorrect handle provided in unspecified circumstances in Mojo [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2390730
[ 4 ] Bug #2390732 - CVE-2025-4609 chromium: Incorrect handle provided in unspecified circumstances in Mojo [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2390732
[ 5 ] Bug #2392285 - CVE-2025-9478 chromium: Use after free in ANGLE [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2392285
[ 6 ] Bug #2392288 - CVE-2025-9478 chromium: Use after free in ANGLE [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2392288
[ 7 ] Bug #2392291 - CVE-2025-9478 chromium: Use after free in ANGLE [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2392291
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e8d34c61f8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: forgejo-12.0.2-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-210aed9692
2025-09-14 00:15:28.906619+00:00
--------------------------------------------------------------------------------

Name : forgejo
Product : Fedora 43
Version : 12.0.2
Release : 1.fc43
URL : https://forgejo.org
Summary : A lightweight software forge
Description :
Forgejo (pronounced /forˈd͡ʒe.jo/) is a lightweight software forge. Use it to
host git repositories, track their issues and allow people to contribute to
them!

--------------------------------------------------------------------------------
Update Information:

This is an upstream bugfix release. Please refer to the upstream release notes
for details about changes in this version.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 4 2025 Nils Philippsen [nils@redhat.com] - 12.0.2-1
- Update to version 12.0.2
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-210aed9692' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 43 Update: udisks2-2.10.91-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-489ce6ee97
2025-09-14 00:15:28.906558+00:00
--------------------------------------------------------------------------------

Name : udisks2
Product : Fedora 43
Version : 2.10.91
Release : 1.fc43
URL : https://github.com/storaged-project/udisks
Summary : Disk Manager
Description :
The Udisks project provides a daemon, tools and libraries to access and
manipulate disks, storage devices and technologies.

--------------------------------------------------------------------------------
Update Information:

CVE-2025-8067 Out-Of-Bounds Read in UDisks Daemon
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 29 2025 Tomas Bzatek [tbzatek@redhat.com] - 2.10.91-1
- Version 2.10.91
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-489ce6ee97' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--