Fedora 42 Update: toolbox-0.2-1.fc42
Fedora 42 Update: clash-meta-1.19.12-1.fc42
Fedora 41 Update: chromium-139.0.7258.66-1.fc41
Fedora 41 Update: mingw-python3-3.11.13-4.fc41
Fedora 41 Update: php-adodb-5.22.10-1.fc41
Fedora 42 Update: openjpeg-2.5.3-8.fc42
Fedora 42 Update: mingw-python3-3.11.13-4.fc42
Fedora 42 Update: php-adodb-5.22.10-1.fc42
[SECURITY] Fedora 42 Update: toolbox-0.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e41c694c83
2025-08-11 17:03:33.367585+00:00
--------------------------------------------------------------------------------
Name : toolbox
Product : Fedora 42
Version : 0.2
Release : 1.fc42
URL : https://containertoolbx.org/
Summary : Tool for interactive command line environments on Linux
Description :
Toolbx is a tool for Linux, which allows the use of interactive command line
environments for software development and troubleshooting the host operating
system, without having to install software on the host. It is built on top of
Podman and other standard container technologies from OCI.
Toolbx environments have seamless access to the user's home directory, the
Wayland and X11 sockets, networking (including Avahi), removable devices (like
USB sticks), systemd journal, SSH agent, D-Bus, ulimits, /dev and the udev
database, etc..
--------------------------------------------------------------------------------
Update Information:
Security fixes
Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for
GHSA-fv92-fjc5-jj9h or GO-2025-3787
Bumped the minimum github.com/NVIDIA/nvidia-container-toolkit version to
1.17.8 for CVE-2025-23266 and CVE-2025-23267
Bug fixes
Improved error handling when creating symbolic links inside the container
to initialize it
Preserved environment variables set by a KDE session and Konsole
Unbroke access to CA certificates in sshd(8) sessions (regression in 0.1.2)
Unbroke overriding the HOME variable (regression in 0.0.90)
Dependencies
Bumped the minimum Go version to 1.22
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 9 2025 Debarshi Ray [rishi@fedoraproject.org] - 0.2-1
- Update to 0.2
- Fix CVE-2025-23266, CVE-2025-23267, and GHSA-fv92-fjc5-jj9h or GO-2025-3787
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2375632 - toolbox: mapstructure May Leak Sensitive Information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2375632
[ 2 ] Bug #2382220 - CVE-2025-23266 toolbox: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2382220
[ 3 ] Bug #2387403 - toolbox-0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2387403
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e41c694c83' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: clash-meta-1.19.12-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b4a1689983
2025-08-11 17:03:33.367572+00:00
--------------------------------------------------------------------------------
Name : clash-meta
Product : Fedora 42
Version : 1.19.12
Release : 1.fc42
URL : https://github.com/metacubex/mihomo
Summary : A rule based network proxy tool, also be known as mihomo
Description :
A rule based network proxy tool, also be known as mihomo.
--------------------------------------------------------------------------------
Update Information:
upgrade to 1.19.12
Mitigating remote code execution vulnerabilities using systemd sandboxing
features.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 2 2025 Nianqing Yao [imbearchild@outlook.com] - 1.19.12-1
- upgrade to 1.19.12
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b4a1689983' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: chromium-139.0.7258.66-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-81d05a9171
2025-08-12 01:10:57.059313+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 41
Version : 139.0.7258.66
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Updated to 139.0.7258.66
* CVE-2025-8576: Use after free in Extensions
* CVE-2025-8578: Use after free in Cast
* CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
* CVE-2025-8580: Inappropriate implementation in Filesystems
* CVE-2025-8581: Inappropriate implementation in Extensions
* CVE-2025-8582: Insufficient validation of untrusted input in DOM
* CVE-2025-8583: Inappropriate implementation in Permissions
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 5 2025 Than Ngo [than@redhat.com] - 139.0.7258.66-1
- Updated to 139.0.7258.66
* CVE-2025-8576: Use after free in Extensions
* CVE-2025-8578: Use after free in Cast
* CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
* CVE-2025-8580: Inappropriate implementation in Filesystems
* CVE-2025-8581: Inappropriate implementation in Extensions
* CVE-2025-8582: Insufficient validation of untrusted input in DOM
* CVE-2025-8583: Inappropriate implementation in Permissions
* Mon Aug 4 2025 Tom Stellard [tstellar@redhat.com] - 138.0.7204.183-2
- Backport fix for build failure with clang-21
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2386895 - Update chromium to 139.0.7258.66
https://bugzilla.redhat.com/show_bug.cgi?id=2386895
[ 2 ] Bug #2387025 - CVE-2025-8583 chromium: Inappropriate implementation in Permissions in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387025
[ 3 ] Bug #2387026 - CVE-2025-8583 chromium: Inappropriate implementation in Permissions in Google Chrome [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387026
[ 4 ] Bug #2387027 - CVE-2025-8580 chromium: Inappropriate implementation in Filesystems in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387027
[ 5 ] Bug #2387028 - CVE-2025-8580 chromium: Inappropriate implementation in Filesystems in Google Chrome [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387028
[ 6 ] Bug #2387029 - CVE-2025-8582 chromium: Insufficient validation of untrusted input in Core in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387029
[ 7 ] Bug #2387031 - CVE-2025-8582 chromium: Insufficient validation of untrusted input in Core in Google Chrome [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387031
[ 8 ] Bug #2387032 - CVE-2025-8577 chromium: Inappropriate implementation in Picture In Picture in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387032
[ 9 ] Bug #2387033 - CVE-2025-8577 chromium: Inappropriate implementation in Picture In Picture in Google Chrome [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387033
[ 10 ] Bug #2387034 - CVE-2025-8576 chromium: Use after free in Extensions in Google Chrome [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387034
[ 11 ] Bug #2387035 - CVE-2025-8576 chromium: Use after free in Extensions in Google Chrome [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2387035
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-81d05a9171' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-python3-3.11.13-4.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-64abf2ff21
2025-08-12 01:10:57.059301+00:00
--------------------------------------------------------------------------------
Name : mingw-python3
Product : Fedora 41
Version : 3.11.13
Release : 4.fc41
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-8194.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 3 2025 Sandro Mani [manisandro@gmail.com] - 3.11.13-4
- Backport upstream fix for CVE-2025-8194
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2384063 - CVE-2025-8194 mingw-python3: Cpython infinite loop when parsing a tarfile [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384063
[ 2 ] Bug #2384074 - CVE-2025-8194 mingw-python3: Cpython infinite loop when parsing a tarfile [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384074
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-64abf2ff21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: php-adodb-5.22.10-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c35c1e0e04
2025-08-12 01:10:57.059296+00:00
--------------------------------------------------------------------------------
Name : php-adodb
Product : Fedora 41
Version : 5.22.10
Release : 1.fc41
URL : http://adodb.org
Summary : Database abstraction layer for PHP
Description :
ADOdb is an object oriented library written in PHP that abstracts database
operations for portability. It is modelled on Microsoft's ADO, but has many
improvements that make it unique (eg. pivot tables, Active Record support,
generating HTML for paging recordsets with next and previous links, cached
recordsets, HTML menu generation, etc).
ADOdb hides the differences between the different databases so you can easily
switch DBs without changing code.
--------------------------------------------------------------------------------
Update Information:
5.22.10
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 3 2025 Gwyn Ciesla [gwync@protonmail.com] - 5.22.10-1
- 5.22.10
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 5.22.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2386492 - CVE-2025-54119 php-adodb: ADOdb: SQL Injection via Meta Queries [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2386492
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c35c1e0e04' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: openjpeg-2.5.3-8.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8355fbd790
2025-08-12 00:55:59.003836+00:00
--------------------------------------------------------------------------------
Name : openjpeg
Product : Fedora 42
Version : 2.5.3
Release : 8.fc42
URL : https://github.com/uclouvain/openjpeg
Summary : C-Library for JPEG 2000
Description :
The OpenJPEG library is an open-source JPEG 2000 library developed in order to
promote the use of JPEG 2000.
This package contains
* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1
compliance).
* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple
component transforms for multispectral and hyperspectral imagery)
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-54874.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 10 2025 Sandro Mani [manisandro@gmail.com] - 2.5.3-8
- Backport fix for CVE-2025-54874
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.5.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2386563 - CVE-2025-54874 openjpeg: OpenJPEG OOB heap memory write [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2386563
[ 2 ] Bug #2386568 - CVE-2025-54874 openjpeg: OpenJPEG OOB heap memory write [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2386568
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8355fbd790' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-python3-3.11.13-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2e992ddfa0
2025-08-12 00:55:59.003816+00:00
--------------------------------------------------------------------------------
Name : mingw-python3
Product : Fedora 42
Version : 3.11.13
Release : 4.fc42
URL : https://www.python.org/
Summary : MinGW Windows python3
Description :
MinGW Windows python3
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2025-8194.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 3 2025 Sandro Mani [manisandro@gmail.com] - 3.11.13-4
- Backport upstream fix for CVE-2025-8194
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.11.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2384063 - CVE-2025-8194 mingw-python3: Cpython infinite loop when parsing a tarfile [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2384063
[ 2 ] Bug #2384074 - CVE-2025-8194 mingw-python3: Cpython infinite loop when parsing a tarfile [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2384074
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2e992ddfa0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: php-adodb-5.22.10-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c097d23f40
2025-08-12 00:55:59.003811+00:00
--------------------------------------------------------------------------------
Name : php-adodb
Product : Fedora 42
Version : 5.22.10
Release : 1.fc42
URL : http://adodb.org
Summary : Database abstraction layer for PHP
Description :
ADOdb is an object oriented library written in PHP that abstracts database
operations for portability. It is modelled on Microsoft's ADO, but has many
improvements that make it unique (eg. pivot tables, Active Record support,
generating HTML for paging recordsets with next and previous links, cached
recordsets, HTML menu generation, etc).
ADOdb hides the differences between the different databases so you can easily
switch DBs without changing code.
--------------------------------------------------------------------------------
Update Information:
5.22.10
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 3 2025 Gwyn Ciesla [gwync@protonmail.com] - 5.22.10-1
- 5.22.10
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 5.22.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2386493 - CVE-2025-54119 php-adodb: ADOdb: SQL Injection via Meta Queries [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2386493
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c097d23f40' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
