Fedora 41 Update: squid-6.14-1.fc41
Fedora 42 Update: chromium-141.0.7390.122-1.fc42
Fedora 42 Update: squid-6.14-1.fc42
Fedora 42 Update: python-sqlparse-0.4.2-14.fc42
[SECURITY] Fedora 41 Update: squid-6.14-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-252c9276b3
2025-10-27 01:17:23.777012+00:00
--------------------------------------------------------------------------------
Name : squid
Product : Fedora 41
Version : 6.14
Release : 1.fc41
URL : http://www.squid-cache.org
Summary : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
--------------------------------------------------------------------------------
Update Information:
security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 18 2025 Lubo?? Uhliarik [luhliari@redhat.com] - 7:6.14-1
- new version 6.14
- Resolves: CVE-2025-62168 - Information disclosure in Squid
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2386063 - CVE-2025-54574 squid: Squid Buffer Overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2386063
[ 2 ] Bug #2386064 - CVE-2025-54574 squid: Squid Buffer Overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2386064
[ 3 ] Bug #2399779 - CVE-2025-59362 squid: Squid cache buffer overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399779
[ 4 ] Bug #2399780 - CVE-2025-59362 squid: Squid cache buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399780
[ 5 ] Bug #2404868 - CVE-2025-62168 squid: Squid vulnerable to information disclosure via authentication credential leakage in error handling [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2404868
[ 6 ] Bug #2404869 - CVE-2025-62168 squid: Squid vulnerable to information disclosure via authentication credential leakage in error handling [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2404869
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-252c9276b3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: chromium-141.0.7390.122-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-80c24c67b6
2025-10-27 00:58:04.762871+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 42
Version : 141.0.7390.122
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 141.0.7390.122
High CVE-2025-12036 chromium: Inappropriate implementation in V8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Than Ngo [than@redhat.com] - 141.0.7390.122-1
- Update to 141.0.7390.122
* High CVE-2025-12036 chromium: Inappropriate implementation in V8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-80c24c67b6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: squid-6.14-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f0452df4e2
2025-10-27 00:58:04.762856+00:00
--------------------------------------------------------------------------------
Name : squid
Product : Fedora 42
Version : 6.14
Release : 1.fc42
URL : http://www.squid-cache.org
Summary : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
--------------------------------------------------------------------------------
Update Information:
security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 18 2025 Lubo?? Uhliarik [luhliari@redhat.com] - 7:6.14-1
- new version 6.14
- Resolves: CVE-2025-62168 - Information disclosure in Squid
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2386063 - CVE-2025-54574 squid: Squid Buffer Overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2386063
[ 2 ] Bug #2386064 - CVE-2025-54574 squid: Squid Buffer Overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2386064
[ 3 ] Bug #2399779 - CVE-2025-59362 squid: Squid cache buffer overflow [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399779
[ 4 ] Bug #2399780 - CVE-2025-59362 squid: Squid cache buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399780
[ 5 ] Bug #2404868 - CVE-2025-62168 squid: Squid vulnerable to information disclosure via authentication credential leakage in error handling [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2404868
[ 6 ] Bug #2404869 - CVE-2025-62168 squid: Squid vulnerable to information disclosure via authentication credential leakage in error handling [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2404869
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f0452df4e2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: python-sqlparse-0.4.2-14.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d2d3a5fa79
2025-10-27 00:58:04.762829+00:00
--------------------------------------------------------------------------------
Name : python-sqlparse
Product : Fedora 42
Version : 0.4.2
Release : 14.fc42
URL : https://github.com/andialbrecht/sqlparse
Summary : Non-validating SQL parser for Python
Description :
sqlparse is a tool for parsing SQL strings. It can generate pretty-printed
renderings of SQL in various formats.
It is a python module, together with a command-line tool.
--------------------------------------------------------------------------------
Update Information:
This update backports the upstream fixes for CVE-2023-30608 and CVE-2024-4340.
It also enables the test suite and corrects the SPDX license identifier.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 9 2025 Carl George [carlwgeorge@fedoraproject.org] - 0.4.2-14
- Switch to correct SPDX license
- Enable tests
- Backport patch to fix CVE-2023-30608
- Backport patch to fix CVE-2024-4340
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2402812 - CVE-2024-4340 python-sqlparse: sqlparse: parsing heavily nested list leads to denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2402812
[ 2 ] Bug #2402813 - CVE-2023-30608 python-sqlparse: sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2402813
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d2d3a5fa79' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
