
Fedora Linux has received multiple security updates, including qt6-qtwebengine-6.8.2-4.fc40, tigervnc-1.15.0-2.fc40, xorg-x11-server-Xwayland-24.1.6-1.fc40, and ffmpeg-7.1.1-1.fc41:

Fedora 40 Update: qt6-qtwebengine-6.8.2-4.fc40
Fedora 40 Update: tigervnc-1.15.0-2.fc40
Fedora 40 Update: xorg-x11-server-Xwayland-24.1.6-1.fc40
Fedora 41 Update: ffmpeg-7.1.1-1.fc41




[SECURITY] Fedora 40 Update: qt6-qtwebengine-6.8.2-4.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-af22a87e43
2025-03-13 01:47:29.556536+00:00
--------------------------------------------------------------------------------

Name : qt6-qtwebengine
Product : Fedora 40
Version : 6.8.2
Release : 4.fc40
URL : http://www.qt.io
Summary : Qt6 - QtWebEngine components
Description :
Qt6 - QtWebEngine components.

--------------------------------------------------------------------------------
Update Information:

Unbundle libxml.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 4 2025 Jan Grulich [jgrulich@redhat.com] - 6.8.2-4
- Unbundle libxml and libxslt
* Mon Mar 3 2025 Jan Grulich [jgrulich@redhat.com] - 6.8.2-3
- Rework OpenH264 support following Chromium package
- Backport upstream change for ffmpeg codec selection issues.
* Mon Feb 17 2025 Jan Grulich [jgrulich@redhat.com] - 6.8.2-2
- Bump build for ppc64le enablement
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2280538 - CVE-2024-34459 qt6-qtwebengine: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280538
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-af22a87e43' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: tigervnc-1.15.0-2.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a87bc329fe
2025-03-13 01:47:29.556428+00:00
--------------------------------------------------------------------------------

Name : tigervnc
Product : Fedora 40
Version : 1.15.0
Release : 2.fc40
URL : http://www.tigervnc.com
Summary : A TigerVNC remote display system
Description :
Virtual Network Computing (VNC) is a remote display system which
allows you to view a computing 'desktop' environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. This package contains a
client which will allow you to connect to other desktops running a VNC
server.

--------------------------------------------------------------------------------
Update Information:

Fixes for xorg-x11-server CVEs.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 3 2025 Jan Grulich [jgrulich@redhat.com] - 1.15.0-2
- Rebuild (xorg-x11-server)
  Fixes CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597,
  CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2349366 - CVE-2025-26598 tigervnc: Out-of-bounds write in CreatePointerBarrierClient() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2349366
[ 2 ] Bug #2349369 - CVE-2025-26594 tigervnc: Use-after-free of the root cursor [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2349369
[ 3 ] Bug #2349372 - CVE-2025-26596 tigervnc: Heap overflow in XkbWriteKeySyms() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2349372
[ 4 ] Bug #2349375 - CVE-2025-26595 tigervnc: Buffer overflow in XkbVModMaskText() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2349375
[ 5 ] Bug #2349378 - CVE-2025-26597 tigervnc: Buffer overflow in XkbChangeTypesOfKey() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2349378
[ 6 ] Bug #2349455 - CVE-2025-26599 tigervnc: Use of uninitialized pointer in compRedirectWindow() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2349455
[ 7 ] Bug #2349460 - CVE-2025-26601 tigervnc: Use-after-free in SyncInitTrigger() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2349460
[ 8 ] Bug #2349461 - CVE-2025-26600 tigervnc: Use-after-free in PlayReleasedEvents() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2349461
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a87bc329fe' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 40 Update: xorg-x11-server-Xwayland-24.1.6-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4a832bf2b1
2025-03-13 01:47:29.556409+00:00
--------------------------------------------------------------------------------

Name : xorg-x11-server-Xwayland
Product : Fedora 40
Version : 24.1.6
Release : 1.fc40
URL : http://www.x.org
Summary : Xwayland
Description :
Xwayland is an X server for running X clients under Wayland.

--------------------------------------------------------------------------------
Update Information:

xwayland 24.1.6
CVE fix for: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597,
CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 26 2025 Olivier Fourdan [ofourdan@redhat.com] - 24.1.6-1
- xwayland 24.1.6 (#2343992)
- CVE fix for: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597,
  CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2343992 - xorg-x11-server-Xwayland-24.1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2343992
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4a832bf2b1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: ffmpeg-7.1.1-1.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ab5fe60520
2025-03-13 01:09:59.782815+00:00
--------------------------------------------------------------------------------

Name : ffmpeg
Product : Fedora 41
Version : 7.1.1
Release : 1.fc41
URL : https://ffmpeg.org/
Summary : A complete solution to record, convert and stream audio and video
Description :
FFmpeg is a leading multimedia framework, able to decode, encode, transcode,
mux, demux, stream, filter and play pretty much anything that humans and
machines have created. It supports the most obscure ancient formats up to the
cutting edge. No matter if they were designed by some standards committee, the
community or a corporation.

This build of ffmpeg is limited in the number of codecs supported.

--------------------------------------------------------------------------------
Update Information:

Latest maintenance release from 7.1 branch. Changelog:
https://github.com/FFmpeg/FFmpeg/blob/n7.1.1/Changelog .
Contains backported fix for CVE-2025-22921.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 6 2025 Dominik Mierzejewski [dominik@greysector.net] - 7.1.1-1
- Update to 7.1.1 (resolves rhbz#2349351)
- Enable LC3 codec via liblc3
- Backport fix for CVE-2025-22921 (resolves rhbz#2346558)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2346558 - CVE-2025-22921 ffmpeg: Segmentation Violation in FFmpeg [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2346558
[ 2 ] Bug #2346566 - CVE-2025-25468 ffmpeg: Memory Leak in FFmpeg libavutil/mem.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2346566
[ 3 ] Bug #2349351 - ffmpeg-7.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2349351
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ab5fe60520' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

--------------------------------------------------------------------------------
