
Fedora Linux has received several security updates, including libvpx, Samba, fcgi, mingw-gstreamer1-plugins-bad-free, mingw-libsoup, coreutils, and Ghostscript:

Fedora 41 Update: libvpx-1.15.0-3.fc41
Fedora 41 Update: samba-4.21.6-1.fc41
Fedora 41 Update: fcgi-2.4.0-52.fc41
Fedora 41 Update: mingw-gstreamer1-plugins-bad-free-1.24.10-3.fc41
Fedora 41 Update: mingw-libsoup-2.74.3-12.fc41
Fedora 41 Update: coreutils-9.5-12.fc41
Fedora 41 Update: ghostscript-10.03.1-7.fc41
Fedora 42 Update: fcgi-2.4.0-52.fc42
Fedora 42 Update: mingw-libsoup-2.74.3-12.fc42
Fedora 42 Update: mingw-gstreamer1-plugins-bad-free-1.25.1-3.fc42
Fedora 42 Update: samba-4.22.2-1.fc42
Fedora 42 Update: chromium-137.0.7151.68-1.fc42
Fedora 42 Update: mod_security-2.9.9-1.fc42
Fedora 41 Update: chromium-137.0.7151.68-1.fc41
Fedora 41 Update: mod_security-2.9.9-1.fc41




[SECURITY] Fedora 41 Update: libvpx-1.15.0-3.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-15220f1411
2025-06-08 02:30:29.772019+00:00
--------------------------------------------------------------------------------

Name : libvpx
Product : Fedora 41
Version : 1.15.0
Release : 3.fc41
URL : http://www.webmproject.org/code/
Summary : VP8/VP9 Video Codec SDK
Description :
libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications
with the VP8 and VP9 video codecs, high quality, royalty free, open source codecs
deployed on millions of computers and devices worldwide.

--------------------------------------------------------------------------------
Update Information:

Add patch for double free
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 3 2025 Wim Taymans [wtaymans@redhat.com] - 1.15.0-3
- Add patch for double free
Resolves: rhbz#2368931
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.15.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Jan 14 2025 Pete Walter [pwalter@fedoraproject.org] - 1.15.0-1
- Update to 1.15.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2368931 - CVE-2025-5262 libvpx: Double-free in libvpx encoder [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2368931
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-15220f1411' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------




[SECURITY] Fedora 41 Update: samba-4.21.6-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c9b7df0f0d
2025-06-08 02:30:29.772014+00:00
--------------------------------------------------------------------------------

Name : samba
Product : Fedora 41
Version : 4.21.6
Release : 1.fc41
URL : https://www.samba.org
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.

--------------------------------------------------------------------------------
Update Information:

Update to version 4.21.6
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 3 2025 Günther Deschner [gd@samba.org] - 2:4.21.6-1
- Update to version 4.21.6
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2370454 - CVE-2025-0620 samba: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370454
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c9b7df0f0d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: fcgi-2.4.0-52.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bf22da3848
2025-06-08 02:30:29.771940+00:00
--------------------------------------------------------------------------------

Name : fcgi
Product : Fedora 41
Version : 2.4.0
Release : 52.fc41
URL : http://www.fastcgi.com/#TheDevKit
Summary : FastCGI development kit
Description :
FastCGI is a language independent, scalable, open extension to CGI that
provides high performance without the limitations of server specific APIs.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-23016
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 30 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 2.4.0-52
- Fix CVE-2025-23016
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.4.0-51
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2369269 - CVE-2025-23016 FastCGI integer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=2369269
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bf22da3848' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: mingw-gstreamer1-plugins-bad-free-1.24.10-3.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-802ec573e7
2025-06-08 02:30:29.771905+00:00
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-bad-free
Product : Fedora 41
Version : 1.24.10
Release : 3.fc41
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins "bad"
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested
well enough, or the code is not of good enough quality.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2025-3887.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 30 2025 Sandro Mani [manisandro@gmail.com] - 1.24.10-3
- Backport patch for CVE-2025-3887
* Fri May 30 2025 Sandro Mani [manisandro@gmail.com] - 1.24.10-2
- Backport fix for CVE-2025-3887
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2367931 - CVE-2025-3887 mingw-gstreamer1: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2367931
[ 2 ] Bug #2367933 - CVE-2025-3887 mingw-gstreamer1: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2367933
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-802ec573e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: mingw-libsoup-2.74.3-12.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3b89fef0f9
2025-06-08 02:30:29.771899+00:00
--------------------------------------------------------------------------------

Name : mingw-libsoup
Product : Fedora 41
Version : 2.74.3
Release : 12.fc41
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).

This is the MinGW build of Libsoup

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-46420,
CVE-2025-46421, CVE-2025-4945
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 30 2025 Sandro Mani [manisandro@gmail.com] - 2.74.3-12
- Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969,
CVE-2025-46420, CVE-2025-46421, CVE-2025-4945
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2357076 - CVE-2025-32049 mingw-libsoup: Denial of Service attack to websocket server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357076
[ 2 ] Bug #2361967 - CVE-2025-46420 mingw-libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2361967
[ 3 ] Bug #2361969 - CVE-2025-46421 mingw-libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2361969
[ 4 ] Bug #2366519 - CVE-2025-4476 mingw-libsoup: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366519
[ 5 ] Bug #2366523 - CVE-2025-4476 mingw-libsoup: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366523
[ 6 ] Bug #2367178 - CVE-2025-4945 mingw-libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2367178
[ 7 ] Bug #2367190 - CVE-2025-4948 mingw-libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2367190
[ 8 ] Bug #2367555 - CVE-2025-4969 mingw-libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2367555
[ 9 ] Bug #2367558 - CVE-2025-4969 mingw-libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2367558
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3b89fef0f9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: coreutils-9.5-12.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f344084b93
2025-06-08 02:30:29.771883+00:00
--------------------------------------------------------------------------------

Name : coreutils
Product : Fedora 41
Version : 9.5
Release : 12.fc41
URL : https://www.gnu.org/software/coreutils/
Summary : A set of basic GNU tools commonly used in shell scripts
Description :
These are the GNU core utilities. This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.

--------------------------------------------------------------------------------
Update Information:

sort: fix buffer under-read (CVE-2025-5278)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 28 2025 Lukáš Zaoral [lzaoral@redhat.com] - 9.5-12
- sort: fix buffer under-read (CVE-2025-5278)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2368766 - CVE-2025-5278 coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2368766
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f344084b93' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: ghostscript-10.03.1-7.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5be02d3285
2025-06-08 02:30:29.771849+00:00
--------------------------------------------------------------------------------

Name : ghostscript
Product : Fedora 41
Version : 10.03.1
Release : 7.fc41
URL : https://ghostscript.com/
Summary : Interpreter for PostScript language & PDF
Description :
This package provides useful conversion utilities based on Ghostscript software,
for converting PS, PDF and other document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems'
PostScript (PS) and Portable Document Format (PDF) page description languages.
Its primary purpose includes displaying (rasterization & rendering) and printing
of document pages, as well as conversions between different document formats.

--------------------------------------------------------------------------------
Update Information:

CVE-2025-48708 ghostscript: Ghostscript Argument Sanitization Vulnerability
(fedora#2368148, fedora#2368134)
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 27 2025 Zdenek Dohnal [zdohnal@redhat.com] - 10.03.1-7
- CVE-2025-48708 ghostscript: Ghostscript Argument Sanitization Vulnerability (fedora#2368148, fedora#2368134)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2368134 - CVE-2025-48708 Ghostscript: Ghostscript Argument Sanitization Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=2368134
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5be02d3285' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: fcgi-2.4.0-52.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e5cc4338e7
2025-06-08 01:30:39.027216+00:00
--------------------------------------------------------------------------------

Name : fcgi
Product : Fedora 42
Version : 2.4.0
Release : 52.fc42
URL : http://www.fastcgi.com/#TheDevKit
Summary : FastCGI development kit
Description :
FastCGI is a language independent, scalable, open extension to CGI that
provides high performance without the limitations of server specific APIs.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-23016
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 30 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 2.4.0-52
- Fix CVE-2025-23016
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2369269 - CVE-2025-23016 FastCGI integer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=2369269
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e5cc4338e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: mingw-libsoup-2.74.3-12.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c04e5b95f1
2025-06-08 01:30:39.027160+00:00
--------------------------------------------------------------------------------

Name : mingw-libsoup
Product : Fedora 42
Version : 2.74.3
Release : 12.fc42
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).

This is the MinGW build of Libsoup

--------------------------------------------------------------------------------
Update Information:

Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-46420,
CVE-2025-46421, CVE-2025-4945
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 30 2025 Sandro Mani [manisandro@gmail.com] - 2.74.3-12
- Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969,
CVE-2025-46420, CVE-2025-46421, CVE-2025-4945
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2357076 - CVE-2025-32049 mingw-libsoup: Denial of Service attack to websocket server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357076
[ 2 ] Bug #2361967 - CVE-2025-46420 mingw-libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2361967
[ 3 ] Bug #2361969 - CVE-2025-46421 mingw-libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2361969
[ 4 ] Bug #2366519 - CVE-2025-4476 mingw-libsoup: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366519
[ 5 ] Bug #2366523 - CVE-2025-4476 mingw-libsoup: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366523
[ 6 ] Bug #2367178 - CVE-2025-4945 mingw-libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2367178
[ 7 ] Bug #2367190 - CVE-2025-4948 mingw-libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2367190
[ 8 ] Bug #2367555 - CVE-2025-4969 mingw-libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2367555
[ 9 ] Bug #2367558 - CVE-2025-4969 mingw-libsoup: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2367558
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c04e5b95f1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: mingw-gstreamer1-plugins-bad-free-1.25.1-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-96b62e4c87
2025-06-08 01:30:39.027167+00:00
--------------------------------------------------------------------------------

Name : mingw-gstreamer1-plugins-bad-free
Product : Fedora 42
Version : 1.25.1
Release : 3.fc42
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins "bad"
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested
well enough, or the code is not of good enough quality.

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2025-3887.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 30 2025 Sandro Mani [manisandro@gmail.com] - 1.25.1-3
- Backport fix for CVE-2025-3887
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2367931 - CVE-2025-3887 mingw-gstreamer1: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2367931
[ 2 ] Bug #2367933 - CVE-2025-3887 mingw-gstreamer1: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2367933
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-96b62e4c87' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: samba-4.22.2-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-68d1e02e61
2025-06-07 06:45:35.205125+00:00
--------------------------------------------------------------------------------

Name : samba
Product : Fedora 42
Version : 4.22.2
Release : 1.fc42
URL : https://www.samba.org
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.

--------------------------------------------------------------------------------
Update Information:

Update to Samba 4.22.2 - Security fix for CVE-2025-0620
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 5 2025 Günther Deschner [gd@samba.org] - 2:4.22.2-1
- Update to Samba 4.22.2
- resolves: rhbz#2370468
- resolves: rhbz#2370455 - Security fix for CVE-2025-0620
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2370455 - CVE-2025-0620 samba: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370455
[ 2 ] Bug #2370468 - samba-4.22.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2370468
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-68d1e02e61' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: chromium-137.0.7151.68-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bc0d109630
2025-06-07 06:45:35.205082+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 42
Version : 137.0.7151.68
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 137.0.7151.68
CVE-2025-5419: Out of bounds read and write in V8
CVE-2025-5068: Use after free in Blink
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 3 2025 Than Ngo [than@redhat.com] - 137.0.7151.68-1
- Update to 137.0.7151.68
* CVE-2025-5419: Out of bounds read and write in V8
* CVE-2025-5068: Use after free in Blink
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2369919 - CVE-2025-5068 chromium: Chrome Use-After-Free Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369919
[ 2 ] Bug #2369920 - CVE-2025-5068 chromium: Chrome Use-After-Free Vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369920
[ 3 ] Bug #2369921 - CVE-2025-5419 chromium: Chrome Heap Corruption Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369921
[ 4 ] Bug #2369922 - CVE-2025-5419 chromium: Chrome Heap Corruption Vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369922
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bc0d109630' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 42 Update: mod_security-2.9.9-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7faa0bc6e5
2025-06-07 06:45:35.204906+00:00
--------------------------------------------------------------------------------

Name : mod_security
Product : Fedora 42
Version : 2.9.9
Release : 1.fc42
URL : http://www.modsecurity.org/
Summary : Security module for the Apache HTTP Server
Description :
ModSecurity is an open source intrusion detection and prevention engine
for web applications. It operates embedded into the web server, acting
as a powerful umbrella - shielding web applications from attacks.

--------------------------------------------------------------------------------
Update Information:

This update includes mod_security version 2.9.9 which addresses CVE-2025-47947
and includes various bug fixes. See
https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.9
for more information on the changes in this release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 29 2025 Joe Orton [jorton@redhat.com] - 2.9.9-1
- update to 2.9.9 (#2367908)
- add bconds for yajl, ssdeep dependencies
* Wed May 21 2025 Joe Orton [jorton@redhat.com] - 2.9.8-3
- updated warning fixes, synced with upstream PR 3372
* Fri May 9 2025 Joe Orton [jorton@redhat.com] - 2.9.8-2
- fix variety of compiler warnings
* Fri May 9 2025 Joe Orton [jorton@redhat.com] - 2.9.8-1
- rebase to 2.9.8
* Fri May 9 2025 Joe Orton [jorton@redhat.com] - 2.9.7-10
- fix issues with piped logging (by Tomas Korbar, upstream #2823)
* Sat Feb 1 2025 Björn Esser [besser82@fedoraproject.org] - 2.9.7-9
- Add explicit BR: libxcrypt-devel
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2367908 - CVE-2025-47947 mod_security: ModSecurity Has Possible DoS Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2367908
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7faa0bc6e5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------



[SECURITY] Fedora 41 Update: chromium-137.0.7151.68-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-be7ea2f22d
2025-06-07 05:42:23.006513+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 41
Version : 137.0.7151.68
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 137.0.7151.68
CVE-2025-5419: Out of bounds read and write in V8
CVE-2025-5068: Use after free in Blink
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 3 2025 Than Ngo [than@redhat.com] - 137.0.7151.68-1
- Update to 137.0.7151.68
* CVE-2025-5419: Out of bounds read and write in V8
* CVE-2025-5068: Use after free in Blink
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2369919 - CVE-2025-5068 chromium: Chrome Use-After-Free Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369919
[ 2 ] Bug #2369920 - CVE-2025-5068 chromium: Chrome Use-After-Free Vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369920
[ 3 ] Bug #2369921 - CVE-2025-5419 chromium: Chrome Heap Corruption Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369921
[ 4 ] Bug #2369922 - CVE-2025-5419 chromium: Chrome Heap Corruption Vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369922
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-be7ea2f22d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: mod_security-2.9.9-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-719f4a7313
2025-06-07 05:42:23.006361+00:00
--------------------------------------------------------------------------------

Name : mod_security
Product : Fedora 41
Version : 2.9.9
Release : 1.fc41
URL : http://www.modsecurity.org/
Summary : Security module for the Apache HTTP Server
Description :
ModSecurity is an open source intrusion detection and prevention engine
for web applications. It operates embedded into the web server, acting
as a powerful umbrella - shielding web applications from attacks.

--------------------------------------------------------------------------------
Update Information:

This update includes mod_security version 2.9.9 which addresses CVE-2025-47947
and includes various bug fixes. See
https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v2.9.9 for more
information on the changes in this release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 29 2025 Joe Orton [jorton@redhat.com] - 2.9.9-1
- update to 2.9.9 (#2367908)
- add bconds for yajl, ssdeep dependencies
* Wed May 21 2025 Joe Orton [jorton@redhat.com] - 2.9.8-3
- updated warning fixes, synced with upstream PR 3372
* Fri May 9 2025 Joe Orton [jorton@redhat.com] - 2.9.8-2
- fix variety of compiler warnings
* Fri May 9 2025 Joe Orton [jorton@redhat.com] - 2.9.8-1
- rebase to 2.9.8
* Fri May 9 2025 Joe Orton [jorton@redhat.com] - 2.9.7-10
- fix issues with piped logging (by Tomas Korbar, upstream #2823)
* Sat Feb 1 2025 Björn Esser [besser82@fedoraproject.org] - 2.9.7-9
- Add explicit BR: libxcrypt-devel
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.9.7-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2367907 - CVE-2025-47947 mod_security: ModSecurity Has Possible DoS Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2367907
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-719f4a7313' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------