Fedora 43 Update: unbound-1.24.2-1.fc43
Fedora 43 Update: linux-firmware-20251125-1.fc43
Fedora 43 Update: migrate-4.19.0-1.fc43
Fedora 43 Update: rnp-0.18.1-1.fc43
Fedora 43 Update: drupal7-7.103-1.fc43
Fedora 43 Update: cef-142.0.14^chromium142.0.7444.162-1.fc43
Fedora 41 Update: drupal7-7.103-1.fc41
Fedora 41 Update: rnp-0.18.1-1.fc41
Fedora 42 Update: linux-firmware-20251125-1.fc42
Fedora 42 Update: migrate-4.19.0-1.fc42
Fedora 42 Update: pack-0.38.2-1.fc42
Fedora 42 Update: rnp-0.18.1-1.fc42
Fedora 42 Update: drupal7-7.103-1.fc42
Fedora 42 Update: cef-142.0.14^chromium142.0.7444.162-1.fc42
[SECURITY] Fedora 43 Update: unbound-1.24.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-90281e4554
2025-11-29 16:43:28.332744+00:00
--------------------------------------------------------------------------------
Name : unbound
Product : Fedora 43
Version : 1.24.2
Release : 1.fc43
URL : https://nlnetlabs.nl/projects/unbound/
Summary : Validating, recursive, and caching DNS(SEC) resolver
Description :
Unbound is a validating, recursive, and caching DNS(SEC) resolver.
The C implementation of Unbound is developed and maintained by NLnet
Labs. It is based on ideas and algorithms taken from a java prototype
developed by Verisign labs, Nominet, Kirei and ep.net.
Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run
as a server, but are linked into an application) are easily possible.
--------------------------------------------------------------------------------
Update Information:
Update to 1.24.2 (rhbz#2417261)
Additional fix for CVE-2025-11411
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2
Do not always initialize QUIC library, even if not usage of QUIC is configured.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 26 2025 Petr Men????k [pemensik@redhat.com] - 1.24.2-1
- Update to 1.16.2 (rhbz#2417261)
- Additional fix for CVE-2025-11411
* Tue Nov 25 2025 Petr Men????k [pemensik@redhat.com] - 1.24.1-7
- Create root.key from dns-root-data
* Tue Nov 25 2025 Petr Men????k [pemensik@redhat.com] - 1.24.1-6
- Add dependency on dns-root-data package
* Mon Nov 24 2025 Petr Men????k [pemensik@redhat.com] - 1.24.1-5
- Do not initialize QUIC when not requested (rhbz#2416728)
* Thu Nov 6 2025 Petr Men????k [pemensik@redhat.com] - 1.24.1-4
- Do not build with QUIC support in RHEL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2416728 - Unbound fails to start in FIPS mode on Fedora 43 due to unconditional QUIC (DoQ) crypto initialization (ngtcp2_crypto_ossl_init failure)
https://bugzilla.redhat.com/show_bug.cgi?id=2416728
[ 2 ] Bug #2417261 - unbound-1.24.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2417261
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-90281e4554' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: linux-firmware-20251125-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-698dc1bbfa
2025-11-29 16:43:28.332734+00:00
--------------------------------------------------------------------------------
Name : linux-firmware
Product : Fedora 43
Version : 20251125
Release : 1.fc43
URL : http://www.kernel.org/
Summary : Firmware files used by the Linux kernel
Description :
This package includes firmware files required for some devices to
operate.
--------------------------------------------------------------------------------
Update Information:
Update to 20251125:
Revert "amdgpu: update GC 11.0.1 firmware"
QCA: Add Bluetooth firmware for WCN685x uart interface
qcom: Add ADSP firmware for qcs6490-thundercomm-rubikpi3
qcom: venus-5.4: update firmware binary for v5.4
qcom: venus-5.4: remove unused firmware file
iwlwifi: add Sc/Wh FW for core98-181 release
amdgpu: DMCUB updates for various ASICs
rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04
ASoC: tas2781: Add more symbol links on SPI devices
amdgpu: update numerous firmware
amdgpu: add vce1 firmware
mediatek MT7922: update bluetooth firmware to 20251118163447
update firmware for MT7922 WiFi device
qcom: update ADSP, CDSP firmware for kaanapali platform, change the license
qcom: add ADSP, CDSP firmware for sm8750 platform
rtl_nic: add firmware rtl9151a-1
qcom: Update aic100 firmware files
mt76: add firmware for MT7990
mt76: update firmware for MT7992/MT7996
cirrus: cs35l57: Add firmware for a few Dell products
cirrus: cs42l45: Add firmware for Cirrus Logic CS42L45 SDCA codec
qcom: Add sdx35 Foxconn vendor firmware image file
Update AMD cpu microcode
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 25 2025 Peter Robinson [pbrobinson@fedoraproject.org] - 20251125-1
- Update to 20251125
- Revert "amdgpu: update GC 11.0.1 firmware"
- QCA: Add Bluetooth firmware for WCN685x uart interface
- qcom: Add ADSP firmware for qcs6490-thundercomm-rubikpi3
- qcom: venus-5.4: update firmware binary for v5.4
- qcom: venus-5.4: remove unused firmware file
- iwlwifi: add Sc/Wh FW for core98-181 release
- amdgpu: DMCUB updates for various ASICs
- rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04
- ASoC: tas2781: Add more symbol links on SPI devices
- amdgpu: update numerous firmware
- amdgpu: add vce1 firmware
- mediatek MT7922: update bluetooth firmware to 20251118163447
- update firmware for MT7922 WiFi device
- qcom: update ADSP, CDSP firmware for kaanapali platform, change the license
- qcom: add ADSP, CDSP firmware for sm8750 platform
- rtl_nic: add firmware rtl9151a-1
- qcom: Update aic100 firmware files
- mt76: add firmware for MT7990
- mt76: update firmware for MT7992/MT7996
- cirrus: cs35l57: Add firmware for a few Dell products
- cirrus: cs42l45: Add firmware for Cirrus Logic CS42L45 SDCA codec
- qcom: Add sdx35 Foxconn vendor firmware image file
- Update AMD cpu microcode
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-698dc1bbfa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: migrate-4.19.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-427af3b610
2025-11-29 16:43:28.332703+00:00
--------------------------------------------------------------------------------
Name : migrate
Product : Fedora 43
Version : 4.19.0
Release : 1.fc43
URL : https://github.com/golang-migrate/migrate
Summary : Go database migrations library and program
Description :
Go database migrations library and program.
This package is built with the following databases backends:
* cassandra
* cockroachdb
* mongodb
* mysql
* postgres
* redshift
* sqlite3
* sqlite
This package is built with the following source backends:
* github
* gitlab
* go-bindata
* godoc-vfs
* gcs
* iofs
* pkger
* s3
--------------------------------------------------------------------------------
Update Information:
Update to 4.19.0
Address CVEs by rebuilding with Go 1.25.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2025 Link Dupont - 4.19.0-1
- Update to version 4.19.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2408323 - CVE-2025-58189 migrate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408323
[ 2 ] Bug #2409796 - CVE-2025-61723 migrate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409796
[ 3 ] Bug #2410746 - CVE-2025-58185 migrate: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410746
[ 4 ] Bug #2411642 - CVE-2025-58188 migrate: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2411642
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-427af3b610' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: rnp-0.18.1-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a96ccc98ca
2025-11-29 16:43:28.332695+00:00
--------------------------------------------------------------------------------
Name : rnp
Product : Fedora 43
Version : 0.18.1
Release : 1.fc43
URL : https://github.com/rnpgp/rnp
Summary : OpenPGP (RFC4880) tools
Description :
RNP is a set of OpenPGP (RFC4880) tools.
--------------------------------------------------------------------------------
Update Information:
Version 0.18.1
Security
Fixed critical issue where PKESK (public-key encrypted) session keys were
generated as all-zero, allowing trivial decryption of messages encrypted with
public keys only (CVE-2025-13470, CVE-2025-13402)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2025 Remi Collet [remi@remirepo.net] - 0.18.1-1
- update to 0.18.1 for CVE-2025-13402
- disable gpg check reported as https://github.com/rnpgp/rnp/issues/2375
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415870 - CVE-2025-13402 rnp: RNP PKESK Session Keys Generated as All???Zero [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2415870
[ 2 ] Bug #2417035 - CVE-2025-13470 rnp: RNP: Confidentiality compromise due to uninitialized symmetric session key in Public-Key Encrypted Session Key (PKESK) packets [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417035
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a96ccc98ca' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: drupal7-7.103-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-355d5aac01
2025-11-29 16:43:28.332599+00:00
--------------------------------------------------------------------------------
Name : drupal7
Product : Fedora 43
Version : 7.103
Release : 1.fc43
URL : https://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/project/drupal/releases/7.99
https://www.drupal.org/project/drupal/releases/7.100
https://www.drupal.org/project/drupal/releases/7.101
https://www.drupal.org/project/drupal/releases/7.102
https://www.drupal.org/sa-core-2024-005
https://www.drupal.org/sa-core-2024-008
https://www.drupal.org/project/drupal/releases/7.103
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Shawn Iwinski [shawn.iwinski@gmail.com] - 7.103-1
- Update to 7.103 (RHBZ #2253220)
- SA-CORE-2024-005 / CVE-2024-55635
- SA-CORE-2024-008 / CVE-2024-55638
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2253220 - drupal7-7.103 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2253220
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-355d5aac01' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: cef-142.0.14^chromium142.0.7444.162-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-604e02ca72
2025-11-29 16:43:28.332542+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 43
Version : 142.0.14^chromium142.0.7444.162
Release : 1.fc43
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 142.0.7444.162
High CVE-2025-12725: Out of bounds write in WebGPU
High CVE-2025-12726: Inappropriate implementation in Views
High CVE-2025-12727: Inappropriate implementation in V8
Medium CVE-2025-12728: Inappropriate implementation in Omnibox
Medium CVE-2025-12729: Inappropriate implementation in Omnibox
High CVE-2025-12428: Type Confusion in V8
High CVE-2025-12429: Inappropriate implementation in V8
High CVE-2025-12430: Object lifecycle issue in Media
High CVE-2025-12431: Inappropriate implementation in Extensions
High CVE-2025-12432: Race in V8
High CVE-2025-12433: Inappropriate implementation in V8
High CVE-2025-12036: Inappropriate implementation in V8
Medium CVE-2025-12434: Race in Storage
Medium CVE-2025-12435: Incorrect security UI in Omnibox
Medium CVE-2025-12436: Policy bypass in Extensions
Medium CVE-2025-12437: Use after free in PageInfo
Medium CVE-2025-12438: Use after free in Ozone
Medium CVE-2025-12439: Inappropriate implementation in App-Bound Encryption
Low CVE-2025-12440: Inappropriate implementation in Autofill
Medium CVE-2025-12441: Out of bounds read in V8
Medium CVE-2025-12443: Out of bounds read in WebXR
Low CVE-2025-12444: Incorrect security UI in Fullscreen UI
Low CVE-2025-12445: Policy bypass in Extensions
Low CVE-2025-12446: Incorrect security UI in SplitView
Low CVE-2025-12447: Incorrect security UI in Omnibox
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 18 2025 Asahi Lina [lina@lina.yt] - 142.0.14^chromium142.0.7444.162-1
- Update to cef-142.0.14+gceaf578 (rhbz#2413981)
* Tue Nov 18 2025 Than Ngo [than@redhat.com] - 142.0.10^chromium142.0.7444.162-4
- Fix FTBFS caused by rust-1.88 on EL9
* Tue Nov 18 2025 Than Ngo [than@redhat.com] - 142.0.10^chromium142.0.7444.162-3
- Fix FTBFS - epel9 has new rust-1.88, dropp chromium-134-rust-
libadler2.patch
* Fri Nov 14 2025 Than Ngo [than@redhat.com] - 142.0.10^chromium142.0.7444.162-1
- Update to 142.0.7444.162
- * High CVE-2025-13042: Inappropriate implementation in V8
* Tue Nov 11 2025 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 142.0.10^chromium142.0.7444.134-2
- Rebuilt for FFmpeg 8
* Tue Nov 11 2025 Asahi Lina [lina@lina.yt] - 142.0.10^chromium142.0.7444.134-1
- Update to cef-142.0.10+g29548e2 (rhbz#2413981)
* Sun Nov 9 2025 Than Ngo [than@redhat.com] - 142.0.6^chromium142.0.7444.134-1
- Update to 142.0.7444.134 (rhbz#2413621)
- * High CVE-2025-12725: Out of bounds write in WebGPU
- * High CVE-2025-12726: Inappropriate implementation in Views
- * High CVE-2025-12727: Inappropriate implementation in V8
- * Medium CVE-2025-12728: Inappropriate implementation in Omnibox
- * Medium CVE-2025-12729: Inappropriate implementation in Omnibox
* Sun Nov 9 2025 Than Ngo [than@redhat.com] - 142.0.6^chromium142.0.7444.59-5
- Add CVEs in changelog
- * High CVE-2025-12428: Type Confusion in V8
- * High CVE-2025-12429: Inappropriate implementation in V8
- * High CVE-2025-12430: Object lifecycle issue in Media
- * High CVE-2025-12431: Inappropriate implementation in Extensions
- * High CVE-2025-12432: Race in V8
- * High CVE-2025-12433: Inappropriate implementation in V8
- * High CVE-2025-12036: Inappropriate implementation in V8
- * Medium CVE-2025-12434: Race in Storage
- * Medium CVE-2025-12435: Incorrect security UI in Omnibox
- * Medium CVE-2025-12436: Policy bypass in Extensions
- * Medium CVE-2025-12437: Use after free in PageInfo
- * Medium CVE-2025-12438: Use after free in Ozone
- * Medium CVE-2025-12439: Inappropriate implementation in App-Bound
Encryption
- * Low CVE-2025-12440: Inappropriate implementation in Autofill
- * Medium CVE-2025-12441: Out of bounds read in V8
- * Medium CVE-2025-12443: Out of bounds read in WebXR
- * Low CVE-2025-12444: Incorrect security UI in Fullscreen UI
- * Low CVE-2025-12445: Policy bypass in Extensions
- * Low CVE-2025-12446: Incorrect security UI in SplitView
- * Low CVE-2025-12447: Incorrect security UI in Omnibox
* Tue Nov 4 2025 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 142.0.6^chromium142.0.7444.59-2
- Rebuilt for FFmpeg 8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-604e02ca72' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: drupal7-7.103-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d645721ca4
2025-11-29 16:05:06.047940+00:00
--------------------------------------------------------------------------------
Name : drupal7
Product : Fedora 41
Version : 7.103
Release : 1.fc41
URL : https://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/project/drupal/releases/7.99
https://www.drupal.org/project/drupal/releases/7.100
https://www.drupal.org/project/drupal/releases/7.101
https://www.drupal.org/project/drupal/releases/7.102
https://www.drupal.org/sa-core-2024-005
https://www.drupal.org/sa-core-2024-008
https://www.drupal.org/project/drupal/releases/7.103
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Shawn Iwinski [shawn.iwinski@gmail.com] - 7.103-1
- Update to 7.103 (RHBZ #2253220)
- SA-CORE-2024-005 / CVE-2024-55635
- SA-CORE-2024-008 / CVE-2024-55638
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 7.98-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jan 16 2025 Fedora Release Engineering [releng@fedoraproject.org] - 7.98-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Aug 28 2024 Miroslav Such?? [msuchy@redhat.com] - 7.98-5
- convert license to SPDX
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2253220 - drupal7-7.103 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2253220
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d645721ca4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: rnp-0.18.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bc8b81c28d
2025-11-29 19:57:40.628634+00:00
--------------------------------------------------------------------------------
Name : rnp
Product : Fedora 41
Version : 0.18.1
Release : 1.fc41
URL : https://github.com/rnpgp/rnp
Summary : OpenPGP (RFC4880) tools
Description :
RNP is a set of OpenPGP (RFC4880) tools.
--------------------------------------------------------------------------------
Update Information:
Version 0.18.1
Security
Fixed critical issue where PKESK (public-key encrypted) session keys were
generated as all-zero, allowing trivial decryption of messages encrypted with
public keys only (CVE-2025-13402)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2025 Remi Collet [remi@remirepo.net] - 0.18.1-1
- update to 0.18.1 for CVE-2025-13402
- disable gpg check reported as https://github.com/rnpgp/rnp/issues/2375
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415868 - CVE-2025-13402 rnp: RNP PKESK Session Keys Generated as All???Zero [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2415868
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bc8b81c28d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: linux-firmware-20251125-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a45a370014
2025-11-29 17:02:16.261398+00:00
--------------------------------------------------------------------------------
Name : linux-firmware
Product : Fedora 42
Version : 20251125
Release : 1.fc42
URL : http://www.kernel.org/
Summary : Firmware files used by the Linux kernel
Description :
This package includes firmware files required for some devices to
operate.
--------------------------------------------------------------------------------
Update Information:
Update to 20251125:
Revert "amdgpu: update GC 11.0.1 firmware"
QCA: Add Bluetooth firmware for WCN685x uart interface
qcom: Add ADSP firmware for qcs6490-thundercomm-rubikpi3
qcom: venus-5.4: update firmware binary for v5.4
qcom: venus-5.4: remove unused firmware file
iwlwifi: add Sc/Wh FW for core98-181 release
amdgpu: DMCUB updates for various ASICs
rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04
ASoC: tas2781: Add more symbol links on SPI devices
amdgpu: update numerous firmware
amdgpu: add vce1 firmware
mediatek MT7922: update bluetooth firmware to 20251118163447
update firmware for MT7922 WiFi device
qcom: update ADSP, CDSP firmware for kaanapali platform, change the license
qcom: add ADSP, CDSP firmware for sm8750 platform
rtl_nic: add firmware rtl9151a-1
qcom: Update aic100 firmware files
mt76: add firmware for MT7990
mt76: update firmware for MT7992/MT7996
cirrus: cs35l57: Add firmware for a few Dell products
cirrus: cs42l45: Add firmware for Cirrus Logic CS42L45 SDCA codec
qcom: Add sdx35 Foxconn vendor firmware image file
Update AMD cpu microcode
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 25 2025 Peter Robinson [pbrobinson@fedoraproject.org] - 20251125-1
- Update to 20251125
- Revert "amdgpu: update GC 11.0.1 firmware"
- QCA: Add Bluetooth firmware for WCN685x uart interface
- qcom: Add ADSP firmware for qcs6490-thundercomm-rubikpi3
- qcom: venus-5.4: update firmware binary for v5.4
- qcom: venus-5.4: remove unused firmware file
- iwlwifi: add Sc/Wh FW for core98-181 release
- amdgpu: DMCUB updates for various ASICs
- rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04
- ASoC: tas2781: Add more symbol links on SPI devices
- amdgpu: update numerous firmware
- amdgpu: add vce1 firmware
- mediatek MT7922: update bluetooth firmware to 20251118163447
- update firmware for MT7922 WiFi device
- qcom: update ADSP, CDSP firmware for kaanapali platform, change the license
- qcom: add ADSP, CDSP firmware for sm8750 platform
- rtl_nic: add firmware rtl9151a-1
- qcom: Update aic100 firmware files
- mt76: add firmware for MT7990
- mt76: update firmware for MT7992/MT7996
- cirrus: cs35l57: Add firmware for a few Dell products
- cirrus: cs42l45: Add firmware for Cirrus Logic CS42L45 SDCA codec
- qcom: Add sdx35 Foxconn vendor firmware image file
- Update AMD cpu microcode
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a45a370014' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: migrate-4.19.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-57302ba8ea
2025-11-29 17:02:16.261386+00:00
--------------------------------------------------------------------------------
Name : migrate
Product : Fedora 42
Version : 4.19.0
Release : 1.fc42
URL : https://github.com/golang-migrate/migrate
Summary : Go database migrations library and program
Description :
Go database migrations library and program.
This package is built with the following databases backends:
* cassandra
* cockroachdb
* mongodb
* mysql
* postgres
* redshift
* sqlite3
* sqlite
This package is built with the following source backends:
* github
* gitlab
* go-bindata
* godoc-vfs
* gcs
* iofs
* pkger
* s3
--------------------------------------------------------------------------------
Update Information:
Update to 4.19.0
Address CVEs by rebuilding with Go 1.24.10
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2025 Link Dupont - 4.19.0-1
- Update to version 4.19.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360648 - CVE-2025-22872 migrate: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2360648
[ 2 ] Bug #2408067 - CVE-2025-58189 migrate: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408067
[ 3 ] Bug #2409536 - CVE-2025-61723 migrate: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409536
[ 4 ] Bug #2410487 - CVE-2025-58185 migrate: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410487
[ 5 ] Bug #2411385 - CVE-2025-58188 migrate: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411385
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-57302ba8ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: pack-0.38.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-387540db1f
2025-11-29 17:02:16.261388+00:00
--------------------------------------------------------------------------------
Name : pack
Product : Fedora 42
Version : 0.38.2
Release : 1.fc42
URL : https://github.com/buildpacks/pack
Summary : Convert code into runnable images
Description :
pack is a CLI implementation of the Platform Interface Specification
for Cloud Native Buildpacks.
--------------------------------------------------------------------------------
Update Information:
bump to v0.38.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2025 Lokesh Mandvekar [lsm5@redhat.com] - 0.38.2-1
- bump to v0.38.2
* Fri Oct 10 2025 Alejandro S??ez [asm@redhat.com] - 0.32.0-9
- rebuild
* Fri Aug 15 2025 Maxwell G [maxwell@gtmx.me] - 0.32.0-8
- Rebuild for golang-1.25.0
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.32.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2386310 - CVE-2025-8556 pack: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2386310
[ 2 ] Bug #2398873 - CVE-2025-47910 pack: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398873
[ 3 ] Bug #2399550 - CVE-2025-47906 pack: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399550
[ 4 ] Bug #2408083 - CVE-2025-58189 pack: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2408083
[ 5 ] Bug #2409553 - CVE-2025-61723 pack: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409553
[ 6 ] Bug #2410504 - CVE-2025-58185 pack: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410504
[ 7 ] Bug #2411402 - CVE-2025-58188 pack: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2411402
[ 8 ] Bug #2412812 - CVE-2025-58183 pack: Unbounded allocation when parsing GNU sparse map [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2412812
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-387540db1f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: rnp-0.18.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7bef956026
2025-11-29 17:02:16.261378+00:00
--------------------------------------------------------------------------------
Name : rnp
Product : Fedora 42
Version : 0.18.1
Release : 1.fc42
URL : https://github.com/rnpgp/rnp
Summary : OpenPGP (RFC4880) tools
Description :
RNP is a set of OpenPGP (RFC4880) tools.
--------------------------------------------------------------------------------
Update Information:
Version 0.18.1
Security
Fixed critical issue where PKESK (public-key encrypted) session keys were
generated as all-zero, allowing trivial decryption of messages encrypted with
public keys only (CVE-2025-13470, CVE-2025-13402)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 21 2025 Remi Collet [remi@remirepo.net] - 0.18.1-1
- update to 0.18.1 for CVE-2025-13402
- disable gpg check reported as https://github.com/rnpgp/rnp/issues/2375
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2415869 - CVE-2025-13402 rnp: RNP PKESK Session Keys Generated as All???Zero [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2415869
[ 2 ] Bug #2417034 - CVE-2025-13470 rnp: RNP: Confidentiality compromise due to uninitialized symmetric session key in Public-Key Encrypted Session Key (PKESK) packets [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417034
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7bef956026' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: drupal7-7.103-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f8a08bb335
2025-11-29 17:02:16.261291+00:00
--------------------------------------------------------------------------------
Name : drupal7
Product : Fedora 42
Version : 7.103
Release : 1.fc42
URL : https://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.
--------------------------------------------------------------------------------
Update Information:
https://www.drupal.org/project/drupal/releases/7.99
https://www.drupal.org/project/drupal/releases/7.100
https://www.drupal.org/project/drupal/releases/7.101
https://www.drupal.org/project/drupal/releases/7.102
https://www.drupal.org/sa-core-2024-005
https://www.drupal.org/sa-core-2024-008
https://www.drupal.org/project/drupal/releases/7.103
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 19 2025 Shawn Iwinski [shawn.iwinski@gmail.com] - 7.103-1
- Update to 7.103 (RHBZ #2253220)
- SA-CORE-2024-005 / CVE-2024-55635
- SA-CORE-2024-008 / CVE-2024-55638
* Wed Jul 23 2025 Fedora Release Engineering [releng@fedoraproject.org] - 7.98-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2253220 - drupal7-7.103 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2253220
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f8a08bb335' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: cef-142.0.14^chromium142.0.7444.162-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-58193e3850
2025-11-29 17:02:16.261252+00:00
--------------------------------------------------------------------------------
Name : cef
Product : Fedora 42
Version : 142.0.14^chromium142.0.7444.162
Release : 1.fc42
URL : https://bitbucket.org/chromiumembedded/cef
Summary : Chromium Embedded Framework
Description :
CEF is an embeddable build of Chromium, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 142.0.7444.162
High CVE-2025-12725: Out of bounds write in WebGPU
High CVE-2025-12726: Inappropriate implementation in Views
High CVE-2025-12727: Inappropriate implementation in V8
Medium CVE-2025-12728: Inappropriate implementation in Omnibox
Medium CVE-2025-12729: Inappropriate implementation in Omnibox
High CVE-2025-12428: Type Confusion in V8
High CVE-2025-12429: Inappropriate implementation in V8
High CVE-2025-12430: Object lifecycle issue in Media
High CVE-2025-12431: Inappropriate implementation in Extensions
High CVE-2025-12432: Race in V8
High CVE-2025-12433: Inappropriate implementation in V8
High CVE-2025-12036: Inappropriate implementation in V8
Medium CVE-2025-12434: Race in Storage
Medium CVE-2025-12435: Incorrect security UI in Omnibox
Medium CVE-2025-12436: Policy bypass in Extensions
Medium CVE-2025-12437: Use after free in PageInfo
Medium CVE-2025-12438: Use after free in Ozone
Medium CVE-2025-12439: Inappropriate implementation in App-Bound Encryption
Low CVE-2025-12440: Inappropriate implementation in Autofill
Medium CVE-2025-12441: Out of bounds read in V8
Medium CVE-2025-12443: Out of bounds read in WebXR
Low CVE-2025-12444: Incorrect security UI in Fullscreen UI
Low CVE-2025-12445: Policy bypass in Extensions
Low CVE-2025-12446: Incorrect security UI in SplitView
Low CVE-2025-12447: Incorrect security UI in Omnibox
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 18 2025 Asahi Lina [lina@lina.yt] - 142.0.14^chromium142.0.7444.162-1
- Update to cef-142.0.14+gceaf578 (rhbz#2413981)
* Tue Nov 18 2025 Than Ngo [than@redhat.com] - 142.0.10^chromium142.0.7444.162-4
- Fix FTBFS caused by rust-1.88 on EL9
* Tue Nov 18 2025 Than Ngo [than@redhat.com] - 142.0.10^chromium142.0.7444.162-3
- Fix FTBFS - epel9 has new rust-1.88, dropp chromium-134-rust-
libadler2.patch
* Fri Nov 14 2025 Than Ngo [than@redhat.com] - 142.0.10^chromium142.0.7444.162-1
- Update to 142.0.7444.162
- * High CVE-2025-13042: Inappropriate implementation in V8
* Tue Nov 11 2025 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 142.0.10^chromium142.0.7444.134-2
- Rebuilt for FFmpeg 8
* Tue Nov 11 2025 Asahi Lina [lina@lina.yt] - 142.0.10^chromium142.0.7444.134-1
- Update to cef-142.0.10+g29548e2 (rhbz#2413981)
* Sun Nov 9 2025 Than Ngo [than@redhat.com] - 142.0.6^chromium142.0.7444.134-1
- Update to 142.0.7444.134 (rhbz#2413621)
- * High CVE-2025-12725: Out of bounds write in WebGPU
- * High CVE-2025-12726: Inappropriate implementation in Views
- * High CVE-2025-12727: Inappropriate implementation in V8
- * Medium CVE-2025-12728: Inappropriate implementation in Omnibox
- * Medium CVE-2025-12729: Inappropriate implementation in Omnibox
* Sun Nov 9 2025 Than Ngo [than@redhat.com] - 142.0.6^chromium142.0.7444.59-5
- Add CVEs in changelog
- * High CVE-2025-12428: Type Confusion in V8
- * High CVE-2025-12429: Inappropriate implementation in V8
- * High CVE-2025-12430: Object lifecycle issue in Media
- * High CVE-2025-12431: Inappropriate implementation in Extensions
- * High CVE-2025-12432: Race in V8
- * High CVE-2025-12433: Inappropriate implementation in V8
- * High CVE-2025-12036: Inappropriate implementation in V8
- * Medium CVE-2025-12434: Race in Storage
- * Medium CVE-2025-12435: Incorrect security UI in Omnibox
- * Medium CVE-2025-12436: Policy bypass in Extensions
- * Medium CVE-2025-12437: Use after free in PageInfo
- * Medium CVE-2025-12438: Use after free in Ozone
- * Medium CVE-2025-12439: Inappropriate implementation in App-Bound
Encryption
- * Low CVE-2025-12440: Inappropriate implementation in Autofill
- * Medium CVE-2025-12441: Out of bounds read in V8
- * Medium CVE-2025-12443: Out of bounds read in WebXR
- * Low CVE-2025-12444: Incorrect security UI in Fullscreen UI
- * Low CVE-2025-12445: Policy bypass in Extensions
- * Low CVE-2025-12446: Incorrect security UI in SplitView
- * Low CVE-2025-12447: Incorrect security UI in Omnibox
* Tue Nov 4 2025 Dominik 'Rathann' Mierzejewski [dominik@greysector.net] - 142.0.6^chromium142.0.7444.59-2
- Rebuilt for FFmpeg 8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-58193e3850' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
