Fedora 41 Update: python3.12-3.12.12-1.fc41
Fedora 41 Update: python3.9-3.9.24-1.fc41
Fedora 41 Update: python3.10-3.10.19-1.fc41
Fedora 41 Update: python3.11-3.11.14-1.fc41
Fedora 41 Update: openssl-3.2.6-2.fc41
Fedora 41 Update: mingw-poppler-24.02.0-6.fc41
Fedora 41 Update: prometheus-podman-exporter-1.19.0-1.fc41
Fedora 41 Update: valkey-8.0.6-1.fc41
Fedora 41 Update: podman-tui-1.9.0-1.fc41
Fedora 41 Update: skopeo-1.20.0-3.fc41
Fedora 42 Update: mingw-poppler-24.08.0-6.fc42
Fedora 42 Update: valkey-8.0.6-1.fc42
Fedora 42 Update: prometheus-podman-exporter-1.19.0-1.fc42
Fedora 42 Update: podman-tui-1.9.0-1.fc42
Fedora 42 Update: cef-140.1.15^chromium140.0.7339.207-3.fc42
[SECURITY] Fedora 41 Update: python3.12-3.12.12-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f847ce2596
2025-10-13 02:01:36.127291+00:00
--------------------------------------------------------------------------------
Name : python3.12
Product : Fedora 41
Version : 3.12.12
Release : 1.fc41
URL : https://www.python.org/
Summary : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.12 package provides the "python3.12" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.12-libs package,
which should be installed automatically along with python3.12.
The remaining parts of the Python standard library are broken out into the
python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.12-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.12-" prefix.
--------------------------------------------------------------------------------
Update Information:
Update to 3.12.12
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 10 2025 Karolina Surma [ksurma@redhat.com] - 3.12.12-1
- Update to 3.12.12
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.12.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2373240 - CVE-2025-6069 python3.12: Python HTMLParser quadratic complexity [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373240
[ 2 ] Bug #2384067 - CVE-2025-8194 python3.12: Cpython infinite loop when parsing a tarfile [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384067
[ 3 ] Bug #2402863 - CVE-2025-8291 python3.12: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2402863
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f847ce2596' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python3.9-3.9.24-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9b7f0b545c
2025-10-13 02:01:36.127288+00:00
--------------------------------------------------------------------------------
Name : python3.9
Product : Fedora 41
Version : 3.9.24
Release : 1.fc41
URL : https://www.python.org/
Summary : Version 3.9 of the Python interpreter
Description :
Python 3.9 package for developers.
This package exists to allow developers to test their code against an older
version of Python. This is not a full Python stack and if you wish to run
your applications with Python 3.9, see other distributions
that support it, such as CentOS or RHEL or older Fedora releases.
--------------------------------------------------------------------------------
Update Information:
Update to Python 3.9.24
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 10 2025 Karolina Surma [ksurma@redhat.com] - 3.9.24-1
- Update to Python 3.9.24
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.9.23-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2373245 - CVE-2025-6069 python3.9: Python HTMLParser quadratic complexity [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373245
[ 2 ] Bug #2384072 - CVE-2025-8194 python3.9: Cpython infinite loop when parsing a tarfile [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384072
[ 3 ] Bug #2402868 - CVE-2025-8291 python3.9: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2402868
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9b7f0b545c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python3.10-3.10.19-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-76c806ad8e
2025-10-13 02:01:36.127286+00:00
--------------------------------------------------------------------------------
Name : python3.10
Product : Fedora 41
Version : 3.10.19
Release : 1.fc41
URL : https://www.python.org/
Summary : Version 3.10 of the Python interpreter
Description :
Python 3.10 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.10 package provides the "python3.10" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.10-libs package,
which should be installed automatically along with python3.10.
The remaining parts of the Python standard library are broken out into the
python3.10-tkinter and python3.10-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.10-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.10-" prefix.
--------------------------------------------------------------------------------
Update Information:
Update to Python 3.10.19
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 10 2025 Karolina Surma [ksurma@redhat.com] - 3.10.19-1
- Update to Python 3.10.19
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.10.18-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2373237 - CVE-2025-6069 python3.10: Python HTMLParser quadratic complexity [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373237
[ 2 ] Bug #2384064 - CVE-2025-8194 python3.10: Cpython infinite loop when parsing a tarfile [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384064
[ 3 ] Bug #2402861 - CVE-2025-8291 python3.10: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2402861
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-76c806ad8e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python3.11-3.11.14-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0d898890e2
2025-10-13 02:01:36.127283+00:00
--------------------------------------------------------------------------------
Name : python3.11
Product : Fedora 41
Version : 3.11.14
Release : 1.fc41
URL : https://www.python.org/
Summary : Version 3.11 of the Python interpreter
Description :
Python 3.11 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.11 package provides the "python3.11" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.11-libs package,
which should be installed automatically along with python3.11.
The remaining parts of the Python standard library are broken out into the
python3.11-tkinter and python3.11-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.11-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.11-" prefix.
--------------------------------------------------------------------------------
Update Information:
Update to 3.11.14
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 10 2025 Karolina Surma [ksurma@redhat.com] - 3.11.14-1
- Update to 3.11.14
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2373238 - CVE-2025-6069 python3.11: Python HTMLParser quadratic complexity [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2373238
[ 2 ] Bug #2384066 - CVE-2025-8194 python3.11: Cpython infinite loop when parsing a tarfile [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384066
[ 3 ] Bug #2402862 - CVE-2025-8291 python3.11: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2402862
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0d898890e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: openssl-3.2.6-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e6f76d56fc
2025-10-13 02:01:36.127281+00:00
--------------------------------------------------------------------------------
Name : openssl
Product : Fedora 41
Version : 3.2.6
Release : 2.fc41
URL : http://www.openssl.org/
Summary : Utilities from the general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
--------------------------------------------------------------------------------
Update Information:
Resolves: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 3 2025 Dmitry Belyavskiy [dbelyavs@redhat.com] - 1:3.2.6-2
- rebuilt
* Thu Oct 2 2025 Dmitry Belyavskiy [dbelyavs@redhat.com] - 1:3.2.6-1
- Rebase to 3.2.6
  Resolves: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e6f76d56fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-poppler-24.02.0-6.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e16b533459
2025-10-13 02:01:36.127265+00:00
--------------------------------------------------------------------------------
Name : mingw-poppler
Product : Fedora 41
Version : 24.02.0
Release : 6.fc41
URL : http://poppler.freedesktop.org/
Summary : MinGW Windows Poppler library
Description :
MinGW Windows Poppler library.
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-43718.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Sandro Mani [manisandro@gmail.com] - 24.02.0-6
- Backport fix for CVE-2025-43718
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2401095 - CVE-2025-43718 mingw-poppler: Poppler stack overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2401095
[ 2 ] Bug #2401097 - CVE-2025-43718 mingw-poppler: Poppler stack overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2401097
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e16b533459' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: prometheus-podman-exporter-1.19.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ae24d28ac2
2025-10-13 02:01:36.127259+00:00
--------------------------------------------------------------------------------
Name : prometheus-podman-exporter
Product : Fedora 41
Version : 1.19.0
Release : 1.fc41
URL : https://github.com/containers/prometheus-podman-exporter
Summary : Prometheus exporter for podman environment
Description :
Prometheus exporter for podman environments exposing containers, pods, images,
volumes and networks information.
--------------------------------------------------------------------------------
Update Information:
Release v1.19.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Navid Yaghoobi [navidys@fedoraproject.org] - 1.19.0-1
- Release v1.19.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398610 - CVE-2025-47910 prometheus-podman-exporter: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398610
[ 2 ] Bug #2399275 - CVE-2025-47906 prometheus-podman-exporter: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399275
[ 3 ] Bug #2401402 - prometheus-podman-exporter-1.19.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2401402
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ae24d28ac2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: valkey-8.0.6-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-00e79c49ca
2025-10-13 02:01:36.127262+00:00
--------------------------------------------------------------------------------
Name : valkey
Product : Fedora 41
Version : 8.0.6
Release : 1.fc41
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.
You can use Valkey from most programming languages also.
--------------------------------------------------------------------------------
Update Information:
Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Security fixes
- CVE-2025-49844 A Lua script may lead to remote code execution
- CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
- CVE-2025-46818 A Lua script can be executed in the context of another user
- CVE-2025-46819 LUA out-of-bound read

Bug fixes
- Fix accounting for dual channel RDB bytes in replication stats (#2616)
- Minor fix for dual rdb channel connection conn error log (#2658)
- Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Bug fixes
- Fix clients remaining blocked when reprocessing commands after certain
  blocking operations (#2109)
- Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
- Fix potential memory leak by ensuring module context is freed when aux_save2
  callback writes no data (#2132)
- Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients
  (#2117)
- Fix missing NULL check on SSL_new() when creating outgoing TLS connections
  (#2140)
- Fix incorrect casting of ping extension lengths to prevent silent packet drops
  (#2144)
- Fix replica failover stall due to outdated config epoch (#2178)
- Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after
  dynamic config change (#2186)
- Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
- Fix client tracking memory overhead calculation (#2360)
- Handle divergent shard-id from nodes.conf and reconcile to the primary node's
  shard-id (#2174)
- Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes
- Trigger election immediately during a forced manual failover (CLUSTER
  FAILOVER FORCE) to avoid delay (#1067)
- Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements
- Add support to drop all cluster packets (#1252)
- Improve log clarity in failover auth denial message (#1341)

Security fixes
- CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject
  paths longer than PATH_MAX (#2146)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Remi Collet [remi@fedoraproject.org] - 8.0.6-1
- update to 8.0.6
  fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819
- update documentation to 8.0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2402050 - CVE-2025-49844 valkey: Redis Lua Use-After-Free may lead to remote code execution [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2402050
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-00e79c49ca' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: podman-tui-1.9.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-37a930e372
2025-10-13 02:01:36.127255+00:00
--------------------------------------------------------------------------------
Name : podman-tui
Product : Fedora 41
Version : 1.9.0
Release : 1.fc41
URL : https://github.com/containers/podman-tui
Summary : Podman Terminal User Interface
Description :
podman-tui is a terminal user interface for Podman v4 and v5.
podman-tui is using podman.socket service to communicate with podman environment
and SSH to connect to remote podman machines.
--------------------------------------------------------------------------------
Update Information:
podman-tui release v1.9.0
podman-tui release 1.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Navid Yaghoobi [navidys@fedoraproject.org] - 1.9.0-1
- Release v1.9.0
* Sun Sep 28 2025 Navid Yaghoobi [navidys@fedoraproject.org] - 1.8.1-1
- Release v1.8.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398609 - CVE-2025-47910 podman-tui: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398609
[ 2 ] Bug #2398875 - CVE-2025-47910 podman-tui: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398875
[ 3 ] Bug #2399273 - CVE-2025-47906 podman-tui: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399273
[ 4 ] Bug #2399552 - CVE-2025-47906 podman-tui: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399552
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-37a930e372' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: skopeo-1.20.0-3.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d6ba5942cb
2025-10-13 02:01:36.127227+00:00
--------------------------------------------------------------------------------
Name : skopeo
Product : Fedora 41
Version : 1.20.0
Release : 3.fc41
URL : https://github.com/containers/skopeo
Summary : Inspect container images and repositories on registries
Description :
Command line utility to inspect images and repositories directly on Docker
registries without the need to pull them
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2025-47906
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Lokesh Mandvekar [lsm5@redhat.com] - 1:1.20.0-3
- rebuild for CVE-2025-47906
* Tue Sep 2 2025 Lokesh Mandvekar [lsm5@redhat.com] - 1:1.20.0-2
- TMT: fetch tests from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2399286 - CVE-2025-47906 skopeo: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399286
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d6ba5942cb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-poppler-24.08.0-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-15b4c6bad6
2025-10-13 00:40:04.312599+00:00
--------------------------------------------------------------------------------
Name : mingw-poppler
Product : Fedora 42
Version : 24.08.0
Release : 6.fc42
URL : http://poppler.freedesktop.org/
Summary : MinGW Windows Poppler library
Description :
MinGW Windows Poppler library.
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-43718.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Sandro Mani [manisandro@gmail.com] - 24.08.0-6
- Backport fix for CVE-2025-43718
* Sat Oct 4 2025 Sandro Mani [manisandro@gmail.com] - 24.08.0-5
- Backport fix for CVE-2025-43718
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2401095 - CVE-2025-43718 mingw-poppler: Poppler stack overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2401095
[ 2 ] Bug #2401097 - CVE-2025-43718 mingw-poppler: Poppler stack overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2401097
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-15b4c6bad6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: valkey-8.0.6-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3055a5b407
2025-10-13 00:40:04.312596+00:00
--------------------------------------------------------------------------------
Name : valkey
Product : Fedora 42
Version : 8.0.6
Release : 1.fc42
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.
You can use Valkey from most programming languages also.
--------------------------------------------------------------------------------
Update Information:
Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Security fixes
- CVE-2025-49844 A Lua script may lead to remote code execution
- CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
- CVE-2025-46818 A Lua script can be executed in the context of another user
- CVE-2025-46819 LUA out-of-bound read

Bug fixes
- Fix accounting for dual channel RDB bytes in replication stats (#2616)
- Minor fix for dual rdb channel connection conn error log (#2658)
- Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.

Bug fixes
- Fix clients remaining blocked when reprocessing commands after certain
  blocking operations (#2109)
- Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
- Fix potential memory leak by ensuring module context is freed when aux_save2
  callback writes no data (#2132)
- Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients
  (#2117)
- Fix missing NULL check on SSL_new() when creating outgoing TLS connections
  (#2140)
- Fix incorrect casting of ping extension lengths to prevent silent packet drops
  (#2144)
- Fix replica failover stall due to outdated config epoch (#2178)
- Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after
  dynamic config change (#2186)
- Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
- Fix client tracking memory overhead calculation (#2360)
- Handle divergent shard-id from nodes.conf and reconcile to the primary node's
  shard-id (#2174)
- Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes
- Trigger election immediately during a forced manual failover (CLUSTER
  FAILOVER FORCE) to avoid delay (#1067)
- Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements
- Add support to drop all cluster packets (#1252)
- Improve log clarity in failover auth denial message (#1341)

Security fixes
- CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject
  paths longer than PATH_MAX (#2146)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Remi Collet [remi@fedoraproject.org] - 8.0.6-1
- update to 8.0.6
fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819
- update documentation to 8.0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2402051 - CVE-2025-49844 valkey: Redis Lua Use-After-Free may lead to remote code execution [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2402051
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3055a5b407' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: prometheus-podman-exporter-1.19.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b4003be6a2
2025-10-13 00:40:04.312589+00:00
--------------------------------------------------------------------------------
Name : prometheus-podman-exporter
Product : Fedora 42
Version : 1.19.0
Release : 1.fc42
URL : https://github.com/containers/prometheus-podman-exporter
Summary : Prometheus exporter for podman environment
Description :
Prometheus exporter for podman environments exposing containers, pods, images,
volumes and networks information.
--------------------------------------------------------------------------------
Update Information:
release v1.19.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Navid Yaghoobi [navidys@fedoraproject.org] - 1.19.0-1
- Release v1.19.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398876 - CVE-2025-47910 prometheus-podman-exporter: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398876
[ 2 ] Bug #2399554 - CVE-2025-47906 prometheus-podman-exporter: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399554
[ 3 ] Bug #2401402 - prometheus-podman-exporter-1.19.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2401402
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b4003be6a2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: podman-tui-1.9.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a8f5576fe3
2025-10-13 00:40:04.312566+00:00
--------------------------------------------------------------------------------
Name : podman-tui
Product : Fedora 42
Version : 1.9.0
Release : 1.fc42
URL : https://github.com/containers/podman-tui
Summary : Podman Terminal User Interface
Description :
podman-tui is a terminal user interface for Podman v4 and v5.
podman-tui uses the podman.socket service to communicate with the podman
environment and SSH to connect to remote podman machines.
--------------------------------------------------------------------------------
Update Information:
podman-tui release v1.9.0
podman-tui release 1.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Navid Yaghoobi [navidys@fedoraproject.org] - 1.9.0-1
- Release v1.9.0
* Sun Sep 28 2025 Navid Yaghoobi [navidys@fedoraproject.org] - 1.8.1-1
- Release v1.8.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398609 - CVE-2025-47910 podman-tui: CrossOriginProtection bypass in net/http [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2398609
[ 2 ] Bug #2398875 - CVE-2025-47910 podman-tui: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398875
[ 3 ] Bug #2399273 - CVE-2025-47906 podman-tui: Unexpected paths returned from LookPath in os/exec [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399273
[ 4 ] Bug #2399552 - CVE-2025-47906 podman-tui: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399552
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a8f5576fe3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: cef-140.1.15^chromium140.0.7339.207-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5fac63ba6a
2025-10-13 00:40:04.312593+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 42
Version : 140.1.15^chromium140.0.7339.207
Release : 3.fc42
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 140.1.15^chromium140.0.7339.207 (rhbz#2396308)
CVE-2025-10890: Side-channel information leakage in V8
CVE-2025-10891: Integer overflow in V8
CVE-2025-10892: Integer overflow in V8
CVE-2025-10585: Type Confusion in V8
CVE-2025-10500: Use after free in Dawn
CVE-2025-10501: Use after free in WebRTC
CVE-2025-10502: Heap buffer overflow in ANGLE
CVE-2025-10200: Use after free in Serviceworker
CVE-2025-10201: Inappropriate implementation in Mojo
CVE-2025-9864: Use after free in V8
CVE-2025-9865: Inappropriate implementation in Toolbar
CVE-2025-9866: Inappropriate implementation in Extensions
CVE-2025-9867: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Than Ngo [than@redhat.com] - 140.1.15^chromium140.0.7339.207-1
- Update to 140.0.7339.207
- * CVE-2025-10890: Side-channel information leakage in V8
- * CVE-2025-10891: Integer overflow in V8
- * CVE-2025-10892: Integer overflow in V8
* Tue Sep 30 2025 Than Ngo [than@redhat.com] - 140.1.15^chromium140.0.7339.185-1
- Update to 140.0.7339.185
- * CVE-2025-10585: Type Confusion in V8
- * CVE-2025-10500: Use after free in Dawn
- * CVE-2025-10501: Use after free in WebRTC
- * CVE-2025-10502: Heap buffer overflow in ANGLE
- * Fix rendering issue on epel9
* Tue Sep 30 2025 Than Ngo [than@redhat.com] - 140.1.15^chromium140.0.7339.127-1
- Update to 140.0.7339.127
- * CVE-2025-10200: Use after free in Serviceworker
- * CVE-2025-10201: Inappropriate implementation in Mojo
* Tue Sep 30 2025 Than Ngo [than@redhat.com] - 140.1.15^chromium140.0.7339.80-1
- Update to 140.0.7339.80 (rhbz#2396308)
- * Update to cef-140.1.15+gfaef09b (rhbz#2380429) (Asahi Lina)
- * CVE-2025-9864: Use after free in V8
- * CVE-2025-9865: Inappropriate implementation in Toolbar
- * CVE-2025-9866: Inappropriate implementation in Extensions
- * CVE-2025-9867: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2396308 - cef-140.1.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2396308
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5fac63ba6a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--