Fedora 41 Update: pypy-7.3.20-2.fc41
Fedora 42 Update: pypy-7.3.20-2.fc42
Fedora 41 Update: chromium-138.0.7204.157-1.fc41
Fedora 41 Update: screen-5.0.1-4.fc41
Fedora 42 Update: unbound-1.23.1-1.fc42
Fedora 42 Update: screen-5.0.1-4.fc42
[SECURITY] Fedora 41 Update: pypy-7.3.20-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9b8da6ad7e
2025-07-20 01:02:22.761430+00:00
--------------------------------------------------------------------------------
Name : pypy
Product : Fedora 41
Version : 7.3.20
Release : 2.fc41
URL : https://www.pypy.org/
Summary : Python implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU
architectures, and various optimized implementations of the standard types
(strings, dictionaries, etc)
This build of PyPy has JIT-compilation enabled.
--------------------------------------------------------------------------------
Update Information:
Update to 7.3.20
Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181 (in pip and
setuptools wheels)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 10 2025 Charalampos Stratakis [cstratak@redhat.com] - 7.3.20-1
- Update to 7.3.20
- Fixes: rhbz#2376234
* Thu Jul 10 2025 Charalampos Stratakis [cstratak@redhat.com] - 7.3.19-2
- Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181
- Fixes: rhbz#2367430, rhbz#2372476, rhbz#2373817
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2367430 - CVE-2025-47273 pypy: Path Traversal Vulnerability in setuptools PackageIndex [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2367430
[ 2 ] Bug #2372476 - CVE-2024-47081 pypy: Requests vulnerable to .netrc credentials leak via malicious URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2372476
[ 3 ] Bug #2373817 - CVE-2025-50181 pypy: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2373817
[ 4 ] Bug #2376234 - pypy-7.3.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2376234
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9b8da6ad7e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: pypy-7.3.20-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a37bf9ddbd
2025-07-20 00:46:18.199989+00:00
--------------------------------------------------------------------------------
Name : pypy
Product : Fedora 42
Version : 7.3.20
Release : 2.fc42
URL : https://www.pypy.org/
Summary : Python implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU
architectures, and various optimized implementations of the standard types
(strings, dictionaries, etc)
This build of PyPy has JIT-compilation enabled.
--------------------------------------------------------------------------------
Update Information:
Update to 7.3.20
Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181 (in pip and
setuptools wheels)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 10 2025 Charalampos Stratakis [cstratak@redhat.com] - 7.3.20-1
- Update to 7.3.20
- Fixes: rhbz#2376234
* Thu Jul 10 2025 Charalampos Stratakis [cstratak@redhat.com] - 7.3.19-2
- Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181
- Fixes: rhbz#2367430, rhbz#2372476, rhbz#2373817
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2367430 - CVE-2025-47273 pypy: Path Traversal Vulnerability in setuptools PackageIndex [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2367430
[ 2 ] Bug #2372476 - CVE-2024-47081 pypy: Requests vulnerable to .netrc credentials leak via malicious URLs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2372476
[ 3 ] Bug #2373817 - CVE-2025-50181 pypy: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2373817
[ 4 ] Bug #2376234 - pypy-7.3.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2376234
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a37bf9ddbd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: chromium-138.0.7204.157-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3c3f7d86db
2025-07-19 21:46:55.252417+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 41
Version : 138.0.7204.157
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 138.0.7204.157
* CVE-2025-7656: Integer overflow in V8
* CVE-2025-7657: Use after free in WebRTC
* CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 16 2025 Than Ngo [than@redhat.com] - 138.0.7204.157-1
- Update to 138.0.7204.157
* CVE-2025-7656: Integer overflow in V8
* CVE-2025-7657: Use after free in WebRTC
* CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU
* Fri Jul 11 2025 Tom Stellard [tstellar@redhat.com] -138.0.7204.100-2
- Update rust-clanglib patch for clang 21
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2376010 - CVE-2025-34092 chromium: Chrome Cookie Key Exposure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2376010
[ 2 ] Bug #2380352 - CVE-2025-7657 chromium: Chromium use after free [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2380352
[ 3 ] Bug #2380353 - CVE-2025-7656 chromium: Chromium integer overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2380353
[ 4 ] Bug #2380354 - CVE-2025-6558 chromium: Chromium insufficient validation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2380354
[ 5 ] Bug #2380355 - CVE-2025-7656 chromium: Chromium integer overflow [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2380355
[ 6 ] Bug #2380356 - CVE-2025-7657 chromium: Chromium use after free [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2380356
[ 7 ] Bug #2380357 - CVE-2025-6558 chromium: Chromium insufficient validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2380357
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3c3f7d86db' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: screen-5.0.1-4.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-653690f2f7
2025-07-19 21:46:55.252343+00:00
--------------------------------------------------------------------------------
Name : screen
Product : Fedora 41
Version : 5.0.1
Release : 4.fc41
URL : http://www.gnu.org/software/screen
Summary : A screen manager that supports multiple logins on one terminal
Description :
The screen utility allows you to have multiple logins on just one
terminal. Screen is useful for users who telnet into a machine or are
connected via a dumb terminal, but want to use more than just one
login.
Install the screen package if you need a screen manager that can
support multiple logins on one terminal.
--------------------------------------------------------------------------------
Update Information:
Update default config options for build.
New upstream release 5.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 30 2025 Josef Ridky [jridky@redhat.com] - 5.0.1-4
- Modify configuration options to reflect changes in version 5.0.1
* Sat Jun 28 2025 Charles R. Anderson [cra@alum.wpi.edu] - 5.0.1-3
- Add --enable-socket-dir
- Resolves: rhbz#2375347
* Wed Jun 25 2025 Josef Ridky [jridky@redhat.com] - 5.0.1-2
- Unify patch name
* Thu May 29 2025 Dick Marinus [dick@mrns.nl] - 5.0.1-1
- New upstream release 5.0.1 (#2366507)
* Tue Feb 11 2025 Zbigniew J??drzejewski-Szmek [zbyszek@in.waw.pl] - 5.0.0-4
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sat Feb 1 2025 Bj??rn Esser [besser82@fedoraproject.org] - 5.0.0-3
- Add explicit BR: libxcrypt-devel
* Sun Jan 19 2025 Fedora Release Engineering [releng@fedoraproject.org] - 5.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Aug 29 2024 Josef Ridky [jridky@redhat.com] - 5.0.0-1
- New upsream release 5.0.0 (#2308450)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2362065 - [abrt] screen: strncpy(): screen killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2362065
[ 2 ] Bug #2366507 - screen-5.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2366507
[ 3 ] Bug #2367169 - Backport to F42: Add sysusers.d config file to allow rpm to create users/groups automatically
https://bugzilla.redhat.com/show_bug.cgi?id=2367169
[ 4 ] Bug #2368500 - CVE-2025-46803 screen: Screen by Default Creates World Writable PTYs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2368500
[ 5 ] Bug #2368501 - CVE-2025-46803 screen: Screen by Default Creates World Writable PTYs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2368501
[ 6 ] Bug #2368503 - CVE-2025-46802 screen: TTY Hijacking while Attaching to a Multiuser Session [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2368503
[ 7 ] Bug #2368504 - CVE-2025-46802 screen: TTY Hijacking while Attaching to a Multiuser Session [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2368504
[ 8 ] Bug #2374606 - CVE-2025-23395 screen: Local Root Exploit via `logfile_reopen()` [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2374606
[ 9 ] Bug #2375347 - screen changed location of sockets--now in $HOME/.screen rather than /run/screen
https://bugzilla.redhat.com/show_bug.cgi?id=2375347
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-653690f2f7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: unbound-1.23.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-350a4ec835
2025-07-19 21:31:40.396506+00:00
--------------------------------------------------------------------------------
Name : unbound
Product : Fedora 42
Version : 1.23.1
Release : 1.fc42
URL : https://nlnetlabs.nl/projects/unbound/
Summary : Validating, recursive, and caching DNS(SEC) resolver
Description :
Unbound is a validating, recursive, and caching DNS(SEC) resolver.
The C implementation of Unbound is developed and maintained by NLnet
Labs. It is based on ideas and algorithms taken from a java prototype
developed by Verisign labs, Nominet, Kirei and ep.net.
Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run
as a server, but are linked into an application) are easily possible.
--------------------------------------------------------------------------------
Update Information:
Update to 1.23.1 (rhbz#2380450)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 17 2025 Tomas Korbar [tkorbar@redhat.com] - 1.23.1-1
- Update to 1.23.1 (rhbz#2380450)
* Thu Jun 12 2025 psklenar@redhat.com [psklenar@redhat.com] - 1.23.0-5
- fedora CI plans move to gitlab for centos-stream test space
https://issues.redhat.com/browse/RHELMISC-13073
* Tue Jun 10 2025 Python Maint - 1.23.0-4
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2381426 - CVE-2025-5994 unbound: Unbound Cache poisoning [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2381426
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-350a4ec835' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: screen-5.0.1-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f055a0d751
2025-07-19 21:31:40.396395+00:00
--------------------------------------------------------------------------------
Name : screen
Product : Fedora 42
Version : 5.0.1
Release : 4.fc42
URL : http://www.gnu.org/software/screen
Summary : A screen manager that supports multiple logins on one terminal
Description :
The screen utility allows you to have multiple logins on just one
terminal. Screen is useful for users who telnet into a machine or are
connected via a dumb terminal, but want to use more than just one
login.
Install the screen package if you need a screen manager that can
support multiple logins on one terminal.
--------------------------------------------------------------------------------
Update Information:
Update default config options for build.
New upstream release 5.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 30 2025 Josef Ridky [jridky@redhat.com] - 5.0.1-4
- Modify configuration options to reflect changes in version 5.0.1
* Sat Jun 28 2025 Charles R. Anderson [cra@alum.wpi.edu] - 5.0.1-3
- Add --enable-socket-dir
- Resolves: rhbz#2375347
* Wed Jun 25 2025 Josef Ridky [jridky@redhat.com] - 5.0.1-2
- Unify patch name
* Thu May 29 2025 Dick Marinus [dick@mrns.nl] - 5.0.1-1
- New upstream release 5.0.1 (#2366507)
* Tue Feb 11 2025 Zbigniew J??drzejewski-Szmek [zbyszek@in.waw.pl] - 5.0.0-4
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sat Feb 1 2025 Bj??rn Esser [besser82@fedoraproject.org] - 5.0.0-3
- Add explicit BR: libxcrypt-devel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2362065 - [abrt] screen: strncpy(): screen killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=2362065
[ 2 ] Bug #2366507 - screen-5.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2366507
[ 3 ] Bug #2367169 - Backport to F42: Add sysusers.d config file to allow rpm to create users/groups automatically
https://bugzilla.redhat.com/show_bug.cgi?id=2367169
[ 4 ] Bug #2368500 - CVE-2025-46803 screen: Screen by Default Creates World Writable PTYs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2368500
[ 5 ] Bug #2368501 - CVE-2025-46803 screen: Screen by Default Creates World Writable PTYs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2368501
[ 6 ] Bug #2368503 - CVE-2025-46802 screen: TTY Hijacking while Attaching to a Multiuser Session [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2368503
[ 7 ] Bug #2368504 - CVE-2025-46802 screen: TTY Hijacking while Attaching to a Multiuser Session [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2368504
[ 8 ] Bug #2374606 - CVE-2025-23395 screen: Local Root Exploit via `logfile_reopen()` [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2374606
[ 9 ] Bug #2375347 - screen changed location of sockets--now in $HOME/.screen rather than /run/screen
https://bugzilla.redhat.com/show_bug.cgi?id=2375347
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f055a0d751' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
