Fedora 42 Update: dotnet8.0-8.0.121-1.fc42
Fedora 42 Update: cef-141.0.11^chromium141.0.7390.122-1.fc42
Fedora 43 Update: dotnet8.0-8.0.121-1.fc43
Fedora 43 Update: cef-141.0.11^chromium141.0.7390.122-1.fc43
[SECURITY] Fedora 42 Update: dotnet8.0-8.0.121-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f74de9283d
2025-11-11 01:25:41.925105+00:00
--------------------------------------------------------------------------------
Name : dotnet8.0
Product : Fedora 42
Version : 8.0.121
Release : 1.fc42
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.
--------------------------------------------------------------------------------
Update Information:
This is the October 2025 release of .NET 8.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.21/8.0.121.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.21/8.0.21.md
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 30 2025 Omair Majid [omajid@redhat.com] - 8.0.121-1
- Update to .NET SDK 8.0.121 and Runtime 8.0.21
* Tue Oct 28 2025 Omair Majid [omajid@redhat.com] - 8.0.120-2
- Don't use clang 21
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f74de9283d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: cef-141.0.11^chromium141.0.7390.122-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-313f6d7702
2025-11-11 01:25:41.925098+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 42
Version : 141.0.11^chromium141.0.7390.122
Release : 1.fc42
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 141.0.7390.122
High CVE-2025-12036 chromium: Inappropriate implementation in V8
High CVE-2025-11756: Use after free in Safe Browsing
High CVE-2025-11458: Heap buffer overflow in Sync
High CVE-2025-11460: Use after free in Storage
Medium CVE-2025-11211: Out of bounds read in WebCodecs
High CVE-2025-11205: Heap buffer overflow in WebGPU
High CVE-2025-11206: Heap buffer overflow in Video
Medium CVE-2025-11207: Side-channel information leakage in Storage
Medium CVE-2025-11208: Inappropriate implementation in Media
Medium CVE-2025-11209: Inappropriate implementation in Omnibox
Medium CVE-2025-11210: Side-channel information leakage in Tab
Medium CVE-2025-11211: Out of bounds read in Media
Medium CVE-2025-11212: Inappropriate implementation in Media
Medium CVE-2025-11213: Inappropriate implementation in Omnibox
Medium CVE-2025-11215: Off by one error in V8
Low CVE-2025-11216: Inappropriate implementation in Storage
Low CVE-2025-11219: Use after free in V8
CVE-2025-10890: Side-channel information leakage in V8
CVE-2025-10891: Integer overflow in V8
CVE-2025-10892: Integer overflow in V8
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 30 2025 Than Ngo [than@redhat.com] - 141.0.11^chromium141.0.7390.122-1
- Update to 141.0.7390.122
- * High CVE-2025-12036 chromium: Inappropriate implementation in V8
* Thu Oct 30 2025 Than Ngo [than@redhat.com] - 141.0.11^chromium141.0.7390.107-1
- Update 141.0.7390.107
- * High CVE-2025-11756: Use after free in Safe Browsing
* Thu Oct 30 2025 Than Ngo [than@redhat.com] - 141.0.11^chromium141.0.7390.76-1
- Update to 141.0.7390.76
* Thu Oct 30 2025 Than Ngo [than@redhat.com] - 141.0.11^chromium141.0.7390.65-1
- Update to 141.0.7390.65
- * High CVE-2025-11458: Heap buffer overflow in Sync
- * High CVE-2025-11460: Use after free in Storage
- * Medium CVE-2025-11211: Out of bounds read in WebCodecs
- remove 0001-Change-use-of-removed-intrinsic.patch as it is included in
141.0.7390.65
* Thu Oct 30 2025 Than Ngo [than@redhat.com] - 141.0.11^chromium141.0.7390.54-1
- Update to 141.0.7390.54
- * Update to cef-141.0.11+g7e73ac4 (rhbz#2402447) (Asahi Lina)
- * High CVE-2025-11205: Heap buffer overflow in WebGPU
- * High CVE-2025-11206: Heap buffer overflow in Video
- * Medium CVE-2025-11207: Side-channel information leakage in Storage
- * Medium CVE-2025-11208: Inappropriate implementation in Media
- * Medium CVE-2025-11209: Inappropriate implementation in Omnibox
- * Medium CVE-2025-11210: Side-channel information leakage in Tab
- * Medium CVE-2025-11211: Out of bounds read in Media
- * Medium CVE-2025-11212: Inappropriate implementation in Media
- * Medium CVE-2025-11213: Inappropriate implementation in Omnibox
- * Medium CVE-2025-11215: Off by one error in V8
- * Low CVE-2025-11216: Inappropriate implementation in Storage
- * Low CVE-2025-11219: Use after free in V8
- Refreshed ppc64le patches
- Fixed issue with incorrect display of the links on startpage in Darkmode
- Fixed FTBFS - error: no member named 'bPsnrY' in 'Source_Picture_s'
- Fixed, DebugInfo packages aren't being produced
- Refreshed rust-clanglib patch
- Fixed FTBFS due to old ffmpeg on Epel9
- Fixed FTBFS - error: invalid application of 'sizeof' to an incomplete
type 'blink::CSSStyleSheet'
- Fixed FTBFS due to missing header files
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-313f6d7702' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: dotnet8.0-8.0.121-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9171c95e17
2025-11-11 00:49:05.461798+00:00
--------------------------------------------------------------------------------
Name : dotnet8.0
Product : Fedora 43
Version : 8.0.121
Release : 1.fc43
URL : https://github.com/dotnet/
Summary : .NET Runtime and SDK
Description :
.NET is a fast, lightweight and modular platform for creating
cross platform applications that work on Linux, macOS and Windows.
It particularly focuses on creating console applications, web
applications and micro-services.
.NET contains a runtime conforming to .NET Standards a set of
framework libraries, an SDK containing compilers and a 'dotnet'
application to drive everything.
--------------------------------------------------------------------------------
Update Information:
This is the October 2025 release of .NET 8.
Release Notes:
SDK: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.21/8.0.121.md
Runtime: https://github.com/dotnet/core/blob/main/release-
notes/8.0/8.0.21/8.0.21.md
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 30 2025 Omair Majid [omajid@redhat.com] - 8.0.121-1
- Update to .NET SDK 8.0.121 and Runtime 8.0.21
* Tue Oct 28 2025 Omair Majid [omajid@redhat.com] - 8.0.120-2
- Don't use clang 21
* Wed Sep 10 2025 Omair Majid [omajid@redhat.com] - 8.0.120-1
- Update to .NET SDK 8.0.120 and Runtime 8.0.20
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2402740 - 8.0.120 breaks gating tests and breaks apps in F43+
https://bugzilla.redhat.com/show_bug.cgi?id=2402740
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9171c95e17' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: cef-141.0.11^chromium141.0.7390.122-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6c9c483e21
2025-11-11 00:49:05.461788+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 43
Version : 141.0.11^chromium141.0.7390.122
Release : 1.fc43
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 141.0.7390.122
High CVE-2025-12036 chromium: Inappropriate implementation in V8
High CVE-2025-11756: Use after free in Safe Browsing
High CVE-2025-11458: Heap buffer overflow in Sync
High CVE-2025-11460: Use after free in Storage
Medium CVE-2025-11211: Out of bounds read in WebCodecs
High CVE-2025-11205: Heap buffer overflow in WebGPU
High CVE-2025-11206: Heap buffer overflow in Video
Medium CVE-2025-11207: Side-channel information leakage in Storage
Medium CVE-2025-11208: Inappropriate implementation in Media
Medium CVE-2025-11209: Inappropriate implementation in Omnibox
Medium CVE-2025-11210: Side-channel information leakage in Tab
Medium CVE-2025-11211: Out of bounds read in Media
Medium CVE-2025-11212: Inappropriate implementation in Media
Medium CVE-2025-11213: Inappropriate implementation in Omnibox
Medium CVE-2025-11215: Off by one error in V8
Low CVE-2025-11216: Inappropriate implementation in Storage
Low CVE-2025-11219: Use after free in V8
CVE-2025-10890: Side-channel information leakage in V8
CVE-2025-10891: Integer overflow in V8
CVE-2025-10892: Integer overflow in V8
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 30 2025 Than Ngo [than@redhat.com] - 141.0.11^chromium141.0.7390.122-1
- Update to 141.0.7390.122
- * High CVE-2025-12036 chromium: Inappropriate implementation in V8
* Thu Oct 30 2025 Than Ngo [than@redhat.com] - 141.0.11^chromium141.0.7390.107-1
- Update 141.0.7390.107
- * High CVE-2025-11756: Use after free in Safe Browsing
* Thu Oct 30 2025 Than Ngo [than@redhat.com] - 141.0.11^chromium141.0.7390.76-1
- Update to 141.0.7390.76
* Thu Oct 30 2025 Than Ngo [than@redhat.com] - 141.0.11^chromium141.0.7390.65-1
- Update to 141.0.7390.65
- * High CVE-2025-11458: Heap buffer overflow in Sync
- * High CVE-2025-11460: Use after free in Storage
- * Medium CVE-2025-11211: Out of bounds read in WebCodecs
- remove 0001-Change-use-of-removed-intrinsic.patch as it is included in
141.0.7390.65
* Thu Oct 30 2025 Than Ngo [than@redhat.com] - 141.0.11^chromium141.0.7390.54-1
- Update to 141.0.7390.54
- * Update to cef-141.0.11+g7e73ac4 (rhbz#2402447) (Asahi Lina)
- * High CVE-2025-11205: Heap buffer overflow in WebGPU
- * High CVE-2025-11206: Heap buffer overflow in Video
- * Medium CVE-2025-11207: Side-channel information leakage in Storage
- * Medium CVE-2025-11208: Inappropriate implementation in Media
- * Medium CVE-2025-11209: Inappropriate implementation in Omnibox
- * Medium CVE-2025-11210: Side-channel information leakage in Tab
- * Medium CVE-2025-11211: Out of bounds read in Media
- * Medium CVE-2025-11212: Inappropriate implementation in Media
- * Medium CVE-2025-11213: Inappropriate implementation in Omnibox
- * Medium CVE-2025-11215: Off by one error in V8
- * Low CVE-2025-11216: Inappropriate implementation in Storage
- * Low CVE-2025-11219: Use after free in V8
- Refreshed ppc64le patches
- Fixed issue with incorrect display of the links on startpage in Darkmode
- Fixed FTBFS - error: no member named 'bPsnrY' in 'Source_Picture_s'
- Fixed, DebugInfo packages aren't being produced
- Refreshed rust-clanglib patch
- Fixed FTBFS due to old ffmpeg on Epel9
- Fixed FTBFS - error: invalid application of 'sizeof' to an incomplete
type 'blink::CSSStyleSheet'
- Fixed FTBFS due to missing header files
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6c9c483e21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
