
Security updates have been released for Fedora Linux versions 43 and 42. Nextcloud has been updated to version 32.0.3 on both Fedora 43 and 42. CEF (Chromium Embedded Framework), which bundles Chromium 143.0.7499.146, has also been updated on both releases to address security vulnerabilities in the browser engine. In addition, uriparser and util-linux have received security updates for Fedora 42.

Fedora 43 Update: nextcloud-32.0.3-1.fc43
Fedora 43 Update: cef-143.0.10^chromium143.0.7499.146-1.fc43
Fedora 42 Update: cef-143.0.10^chromium143.0.7499.146-1.fc42
Fedora 42 Update: uriparser-1.0.0-1.fc42
Fedora 42 Update: util-linux-2.40.4-8.fc42
Fedora 42 Update: nextcloud-32.0.3-1.fc42




[SECURITY] Fedora 43 Update: nextcloud-32.0.3-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-86c0829159
2025-12-21 03:52:21.127388+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 43
Version : 32.0.3
Release : 1.fc43
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

32.0.3 release, fixes RHBZ# 2420196 RHBZ# 2420197 RHBZ# 2420198 RHBZ# 2421368
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 12 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 32.0.3-1
- 32.0.3 release, fixes RHBZ# 2420196 RHBZ# 2420197 RHBZ# 2420198 RHBZ#
2421368
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2420196 - CVE-2025-66512 nextcloud: Nextcloud Server XSS in SVG images when opened outside of Nextcloud [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2420196
[ 2 ] Bug #2420197 - CVE-2025-66512 nextcloud: Nextcloud Server XSS in SVG images when opened outside of Nextcloud [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420197
[ 3 ] Bug #2420198 - CVE-2025-66512 nextcloud: Nextcloud Server XSS in SVG images when opened outside of Nextcloud [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2420198
[ 4 ] Bug #2421368 - nextcloud-32.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2421368
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-86c0829159' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 43 Update: cef-143.0.10^chromium143.0.7499.146-1.fc43


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6e776254bf
2025-12-21 03:52:21.127349+00:00
--------------------------------------------------------------------------------

Name : cef
Product : Fedora 43
Version : 143.0.10^chromium143.0.7499.146
Release : 1.fc43
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to cef-143.0.10+g8aed01b + chromium-143.0.7499.146 (rhbz#2423482)
High CVE-2025-14765: Use after free in WebGPU
High CVE-2025-14766: Out of bounds read and write in V8
High CVE-2025-13630: Type Confusion in V8
High CVE-2025-13631: Inappropriate implementation in Google Updater
High CVE-2025-13632: Inappropriate implementation in DevTools
High CVE-2025-13633: Use after free in Digital Credentials
Medium CVE-2025-13634: Inappropriate implementation in Downloads
Medium CVE-2025-13720: Bad cast in Loader
Medium CVE-2025-13721: Race in v8
Low CVE-2025-13635: Inappropriate implementation in Downloads
Low CVE-2025-13636: Inappropriate implementation in Split View
Low CVE-2025-13637: Inappropriate implementation in Downloads
Low CVE-2025-13638: Use after free in Media Stream
Low CVE-2025-13639: Inappropriate implementation in WebRTC
Low CVE-2025-13640: Inappropriate implementation in Passwords
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2025 Than Ngo [than@redhat.com] - 143.0.10^chromium143.0.7499.146-1
- Update to 143.0.7499.146 [rhbz#2423482]
- * High CVE-2025-14765: Use after free in WebGPU
- * High CVE-2025-14766: Out of bounds read and write in V8
- Force dark mode when auto dark mode web content is on
- Remove omnibox-next-Improve-cutout-mouse-handling-for-Wayla patch, as
it's merged
* Thu Dec 18 2025 Hoshino Lina [lina@lina.yt] - 143.0.10^chromium143.0.7499.109-7
- Fix accelerated paint regression
* Sun Dec 14 2025 Hoshino Lina [lina@lina.yt] - 143.0.10^chromium143.0.7499.109-6
- Remove GTK dependency
* Fri Dec 12 2025 Than Ngo [than@redhat.com] - 143.0.10^chromium143.0.7499.109-2
- Enable gtk4 by default
* Fri Dec 12 2025 Than Ngo [than@redhat.com] - 143.0.10^chromium143.0.7499.109-1
- Update to 143.0.7499.109
- * High: Under coordination
- * Medium CVE-2025-14372: Use after free in Password Manager
- * Medium CVE-2025-14373: Inappropriate implementation in Toolbar
- Workaround problem of auto dark mode inverting images and making them
unreadable
- Hoshino Lina: Update to cef-143.0.10+g8aed01b (rhbz#2421703)
* Wed Dec 10 2025 LuK1337 [priv.luk@gmail.com] - 143.0.9^chromium143.0.7499.40-6
- Backport Wayland Omnibox bug fix from upstream
* Wed Dec 10 2025 Than Ngo [than@redhat.com] - 143.0.9^chromium143.0.7499.40-1
- Update to 143.0.7499.40
- Hoshino Lina: Update to cef-143.0.9+ge88e818 (rhbz#2420939)
- * High CVE-2025-13630: Type Confusion in V8
- * High CVE-2025-13631: Inappropriate implementation in Google Updater
- * High CVE-2025-13632: Inappropriate implementation in DevTools
- * High CVE-2025-13633: Use after free in Digital Credentials
- * Medium CVE-2025-13634: Inappropriate implementation in Downloads
- * Medium CVE-2025-13720: Bad cast in Loader
- * Medium CVE-2025-13721: Race in v8
- * Low CVE-2025-13635: Inappropriate implementation in Downloads
- * Low CVE-2025-13636: Inappropriate implementation in Split View
- * Low CVE-2025-13637: Inappropriate implementation in Downloads
- * Low CVE-2025-13638: Use after free in Media Stream
- * Low CVE-2025-13639: Inappropriate implementation in WebRTC
- * Low CVE-2025-13640: Inappropriate implementation in Passwords
- Drop workaround darkmode-image-policy.patch
- Fix build error due to Unresolved dependencies
- Fix swiftshader to compile with llvm-16.0
- Refresh python-3.9-ftbfs patch for el9
- Refresh ppc64le patches
- Refresh chromium.conf
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2420939 - cef-143.0.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2420939
[ 2 ] Bug #2421703 - cef-143.0.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2421703
[ 3 ] Bug #2423482 - cef-143.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2423482
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6e776254bf' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: cef-143.0.10^chromium143.0.7499.146-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7605ca0d7d
2025-12-21 00:50:40.670442+00:00
--------------------------------------------------------------------------------

Name : cef
Product : Fedora 42
Version : 143.0.10^chromium143.0.7499.146
Release : 1.fc42
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to cef-143.0.10+g8aed01b + chromium-143.0.7499.146 (rhbz#2423482)
High CVE-2025-14765: Use after free in WebGPU
High CVE-2025-14766: Out of bounds read and write in V8
High CVE-2025-13630: Type Confusion in V8
High CVE-2025-13631: Inappropriate implementation in Google Updater
High CVE-2025-13632: Inappropriate implementation in DevTools
High CVE-2025-13633: Use after free in Digital Credentials
Medium CVE-2025-13634: Inappropriate implementation in Downloads
Medium CVE-2025-13720: Bad cast in Loader
Medium CVE-2025-13721: Race in v8
Low CVE-2025-13635: Inappropriate implementation in Downloads
Low CVE-2025-13636: Inappropriate implementation in Split View
Low CVE-2025-13637: Inappropriate implementation in Downloads
Low CVE-2025-13638: Use after free in Media Stream
Low CVE-2025-13639: Inappropriate implementation in WebRTC
Low CVE-2025-13640: Inappropriate implementation in Passwords
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 18 2025 Than Ngo [than@redhat.com] - 143.0.10^chromium143.0.7499.146-1
- Update to 143.0.7499.146 [rhbz#2423482]
- * High CVE-2025-14765: Use after free in WebGPU
- * High CVE-2025-14766: Out of bounds read and write in V8
- Force dark mode when auto dark mode web content is on
- Remove omnibox-next-Improve-cutout-mouse-handling-for-Wayla patch, as
it's merged
* Thu Dec 18 2025 Hoshino Lina [lina@lina.yt] - 143.0.10^chromium143.0.7499.109-7
- Fix accelerated paint regression
* Sun Dec 14 2025 Hoshino Lina [lina@lina.yt] - 143.0.10^chromium143.0.7499.109-6
- Remove GTK dependency
* Fri Dec 12 2025 Than Ngo [than@redhat.com] - 143.0.10^chromium143.0.7499.109-2
- Enable gtk4 by default
* Fri Dec 12 2025 Than Ngo [than@redhat.com] - 143.0.10^chromium143.0.7499.109-1
- Update to 143.0.7499.109
- * High: Under coordination
- * Medium CVE-2025-14372: Use after free in Password Manager
- * Medium CVE-2025-14373: Inappropriate implementation in Toolbar
- Workaround problem of auto dark mode inverting images and making them
unreadable
- Hoshino Lina: Update to cef-143.0.10+g8aed01b (rhbz#2421703)
* Wed Dec 10 2025 LuK1337 [priv.luk@gmail.com] - 143.0.9^chromium143.0.7499.40-6
- Backport Wayland Omnibox bug fix from upstream
* Wed Dec 10 2025 Than Ngo [than@redhat.com] - 143.0.9^chromium143.0.7499.40-1
- Update to 143.0.7499.40
- Hoshino Lina: Update to cef-143.0.9+ge88e818 (rhbz#2420939)
- * High CVE-2025-13630: Type Confusion in V8
- * High CVE-2025-13631: Inappropriate implementation in Google Updater
- * High CVE-2025-13632: Inappropriate implementation in DevTools
- * High CVE-2025-13633: Use after free in Digital Credentials
- * Medium CVE-2025-13634: Inappropriate implementation in Downloads
- * Medium CVE-2025-13720: Bad cast in Loader
- * Medium CVE-2025-13721: Race in v8
- * Low CVE-2025-13635: Inappropriate implementation in Downloads
- * Low CVE-2025-13636: Inappropriate implementation in Split View
- * Low CVE-2025-13637: Inappropriate implementation in Downloads
- * Low CVE-2025-13638: Use after free in Media Stream
- * Low CVE-2025-13639: Inappropriate implementation in WebRTC
- * Low CVE-2025-13640: Inappropriate implementation in Passwords
- Drop workaround darkmode-image-policy.patch
- Fix build error due to Unresolved dependencies
- Fix swiftshader to compile with llvm-16.0
- Refresh python-3.9-ftbfs patch for el9
- Refresh ppc64le patches
- Refresh chromium.conf
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2420939 - cef-143.0.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2420939
[ 2 ] Bug #2421703 - cef-143.0.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2421703
[ 3 ] Bug #2423482 - cef-143.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2423482
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7605ca0d7d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: uriparser-1.0.0-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bf69e91bda
2025-12-21 00:50:40.670508+00:00
--------------------------------------------------------------------------------

Name : uriparser
Product : Fedora 42
Version : 1.0.0
Release : 1.fc42
URL : https://uriparser.github.io/
Summary : URI parsing library - RFC 3986
Description :
Uriparser is a strictly RFC 3986 compliant URI parsing library written
in C. uriparser is cross-platform, fast, supports Unicode and is
licensed under the New BSD license.

--------------------------------------------------------------------------------
Update Information:

Update to uriparser-1.0.0, fixes CVE-2025-67899.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 15 2025 Sandro Mani [manisandro@gmail.com] - 1.0.0-1
- Update to 1.0.0
* Thu Sep 4 2025 Sandro Mani [manisandro@gmail.com] - 0.9.9-1
- Update to 0.9.9
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.9.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2423026 - CVE-2025-67899 uriparser: uriparser: Unbounded recursion and stack consumption via large input [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2423026
[ 2 ] Bug #2423027 - CVE-2025-67899 uriparser: uriparser: Unbounded recursion and stack consumption via large input [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423027
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bf69e91bda' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: util-linux-2.40.4-8.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-fc18ab1e37
2025-12-21 00:50:40.670499+00:00
--------------------------------------------------------------------------------

Name : util-linux
Product : Fedora 42
Version : 2.40.4
Release : 8.fc42
URL : https://en.wikipedia.org/wiki/Util-linux
Summary : Collection of basic system utilities
Description :
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, util-linux contains the fdisk configuration tool and the login
program.

--------------------------------------------------------------------------------
Update Information:

fix setpwnam() buffer use [CVE-2025-14104]
libblkid: use snprintf() instead of sprintf()
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 15 2025 Karel Zak [kzak@redhat.com] - 2.40.4-8
- fix setpwnam() buffer use [CVE-2025-14104]
- libblkid: use snprintf() instead of sprintf()
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2419370 - CVE-2025-14104 util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2419370
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-fc18ab1e37' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: nextcloud-32.0.3-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-519240c972
2025-12-21 00:50:40.670459+00:00
--------------------------------------------------------------------------------

Name : nextcloud
Product : Fedora 42
Version : 32.0.3
Release : 1.fc42
URL : http://nextcloud.com
Summary : Private file sync and share server
Description :
NextCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. NextCloud is extendable via a simple but powerful API for
applications and plugins.

--------------------------------------------------------------------------------
Update Information:

32.0.3 release, fixes RHBZ# 2420196 RHBZ# 2420197 RHBZ# 2420198 RHBZ# 2421368
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 12 2025 Andrew Bauer [zonexpertconsulting@outlook.com] - 32.0.3-1
- 32.0.3 release, fixes RHBZ# 2420196 RHBZ# 2420197 RHBZ# 2420198 RHBZ#
2421368
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2420196 - CVE-2025-66512 nextcloud: Nextcloud Server XSS in SVG images when opened outside of Nextcloud [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2420196
[ 2 ] Bug #2420197 - CVE-2025-66512 nextcloud: Nextcloud Server XSS in SVG images when opened outside of Nextcloud [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2420197
[ 3 ] Bug #2420198 - CVE-2025-66512 nextcloud: Nextcloud Server XSS in SVG images when opened outside of Nextcloud [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2420198
[ 4 ] Bug #2421368 - nextcloud-32.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2421368
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-519240c972' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--