The Chromium update for Fedora 42 addresses a security vulnerability known as CVE-2025-9132, which is an out-of-bounds write in V8.
Fedora 42 Update: chromium-139.0.7258.138-1.fc42
Fedora 41 Update: python3-docs-3.13.7-1.fc41
Fedora 41 Update: python3.13-3.13.7-1.fc41
[SECURITY] Fedora 42 Update: chromium-139.0.7258.138-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-60b63cf743
2025-08-26 01:57:02.884710+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 42
Version : 139.0.7258.138
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Updated to 139.0.7258.138
CVE-2025-9132: Out of bounds write in V8
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 22 2025 Than Ngo [than@redhat.com] - 139.0.7258.138-1
- Updated to 139.0.7258.138
* CVE-2025-9132: Out of bounds write in V8
* Wed Aug 20 2025 Dominik Mierzejewski [dominik@greysector.net] - 139.0.7258.127-2
- Drop unused yasm build dependency
see https://fedoraproject.org/wiki/Changes/DeprecateYASM
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2390067 - CVE-2025-9132 chromium: From CVEorg collector [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2390067
[ 2 ] Bug #2390068 - CVE-2025-9132 chromium: From CVEorg collector [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2390068
[ 3 ] Bug #2390070 - CVE-2025-9132 chromium: From CVEorg collector [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2390070
[ 4 ] Bug #2390073 - CVE-2025-9132 chromium: From CVEorg collector [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2390073
[ 5 ] Bug #2390075 - CVE-2025-9132 chromium: From CVEorg collector [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2390075
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-60b63cf743' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python3-docs-3.13.7-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-62fe746ed0
2025-08-26 01:54:53.803668+00:00
--------------------------------------------------------------------------------
Name : python3-docs
Product : Fedora 41
Version : 3.13.7
Release : 1.fc41
URL : https://www.python.org/
Summary : Documentation for the Python 3 programming language
Description :
The python3-docs package contains documentation on the Python 3
programming language and interpreter.
--------------------------------------------------------------------------------
Update Information:
Python 3.13.7 is the seventh maintenance release of 3.13.
3.13.7 is an expedited release to fix a significant issue with the 3.13.6
release:
gh-137583: Regression in ssl module between 3.13.5 and 3.13.6: reading from a
TLS-encrypted connection blocks
A few other bug fixes (which would otherwise have waited until the next release)
are also included.
3.13.6 is the sixth maintenance release of 3.13, containing around 200 bugfixes,
build improvements and documentation changes since 3.13.5.
This update contains fix for https://www.cve.org/CVERecord?id=CVE-2025-8194
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 14 2025 Miro Hron??ok [miro@hroncok.cz] - 3.13.7-1
- Update to 3.13.7
* Thu Aug 7 2025 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.13.6-1
- Update to 3.13.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2384068 - CVE-2025-8194 python3.13: Cpython infinite loop when parsing a tarfile [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384068
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-62fe746ed0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: python3.13-3.13.7-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-62fe746ed0
2025-08-26 01:54:53.803668+00:00
--------------------------------------------------------------------------------
Name : python3.13
Product : Fedora 41
Version : 3.13.7
Release : 1.fc41
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
--------------------------------------------------------------------------------
Update Information:
Python 3.13.7 is the seventh maintenance release of 3.13.
3.13.7 is an expedited release to fix a significant issue with the 3.13.6
release:
gh-137583: Regression in ssl module between 3.13.5 and 3.13.6: reading from a
TLS-encrypted connection blocks
A few other bug fixes (which would otherwise have waited until the next release)
are also included.
3.13.6 is the sixth maintenance release of 3.13, containing around 200 bugfixes,
build improvements and documentation changes since 3.13.5.
This update contains fix for https://www.cve.org/CVERecord?id=CVE-2025-8194
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 14 2025 Miro Hron??ok [mhroncok@redhat.com] - 3.13.7-1
- Update to 3.13.7
* Thu Aug 7 2025 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.13.5-5
- Update to 3.13.6
* Mon Jul 28 2025 Miro Hron??ok [mhroncok@redhat.com] - 3.13.5-4
- Fix CVE-2025-8194: Tarfile infinite loop during parsing with negative member offset
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.13.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jun 25 2025 Karolina Surma [ksurma@redhat.com] - 3.13.5-2
- Conditionally skip tests not working with the older expat version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2384068 - CVE-2025-8194 python3.13: Cpython infinite loop when parsing a tarfile [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384068
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-62fe746ed0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
