Fedora 42 Update: usd-25.02a-4.fc42
Fedora 42 Update: python3.14-3.14.2-1.fc42
Fedora 42 Update: qt6-qtdeclarative-6.9.3-2.fc42
Fedora 43 Update: chromium-143.0.7499.109-2.fc43
Fedora 43 Update: python3.13-3.13.11-1.fc43
Fedora 43 Update: usd-25.08-12.fc43
[SECURITY] Fedora 42 Update: usd-25.02a-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-447047dda8
2025-12-16 01:13:25.255212+00:00
--------------------------------------------------------------------------------
Name : usd
Product : Fedora 42
Version : 25.02a
Release : 4.fc42
URL : http://www.openusd.org/
Summary : 3D VFX pipeline interchange file format
Description :
Universal Scene Description (USD) is a time-sampled scene
description for interchange between graphics applications.
--------------------------------------------------------------------------------
Update Information:
Backport fixes for CVE-2025-64181 etc. in OpenEXRCore
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 25.02a-4
- Backport fixes for CVE-2025-64181 etc. in OpenEXRCore
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2418251 - CVE-2025-64181 usd: Use of Uninitialized Memory inside generic_unpack [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418251
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-447047dda8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: python3.14-3.14.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d5dffbf048
2025-12-16 01:13:25.255184+00:00
--------------------------------------------------------------------------------
Name : python3.14
Product : Fedora 42
Version : 3.14.2
Release : 1.fc42
URL : https://www.python.org/
Summary : Version 3.14 of the Python interpreter
Description :
Python 3.14 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.14 package provides the "python3.14" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.14-libs package,
which should be installed automatically along with python3.14.
The remaining parts of the Python standard library are broken out into the
python3.14-tkinter and python3.14-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.14-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.14-" prefix.
--------------------------------------------------------------------------------
Update Information:
This is the second maintenance release of Python 3.14
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 5 2025 Miro Hron??ok [mhroncok@redhat.com] - 3.14.2-1
- Update to Python 3.14.2
* Wed Dec 3 2025 Karolina Surma [ksurma@redhat.com] - 3.14.1-1
- Update to Python 3.14.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2402875 - CVE-2025-8291 python3.14: Python zipfile End of Central Directory (EOCD) Locator record offset not checked [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2402875
[ 2 ] Bug #2413058 - CVE-2025-6075 python3.14: Quadratic complexity in os.path.expandvars() with user-controlled template [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2413058
[ 3 ] Bug #2421620 - CVE-2025-12084 python3.14: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421620
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d5dffbf048' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: qt6-qtdeclarative-6.9.3-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-62d125612b
2025-12-16 01:13:25.255156+00:00
--------------------------------------------------------------------------------
Name : qt6-qtdeclarative
Product : Fedora 42
Version : 6.9.3
Release : 2.fc42
URL : http://www.qt.io
Summary : Qt6 - QtDeclarative component
Description :
Qt6 - QtDeclarative component.
--------------------------------------------------------------------------------
Update Information:
CVE-2025-12385: Fix improper validation of img tag size in Text component parser
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 5 2025 Jan Grulich [jgrulich@redhat.com] - 6.9.3-2
- Fix improper validation of img tag size in Text component parser
Resolves: CVE-2025-12385
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-62d125612b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: chromium-143.0.7499.109-2.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1077c09b50
2025-12-16 00:46:10.314091+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 43
Version : 143.0.7499.109
Release : 2.fc43
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 143.0.7499.109
* High: Under coordination
* Medium CVE-2025-14372: Use after free in Password Manager
* Medium CVE-2025-14373: Inappropriate implementation in Toolbar
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 11 2025 Than Ngo [than@redhat.com] - 143.0.7499.109-2
- Enable gtk4 by default
* Thu Dec 11 2025 Than Ngo [than@redhat.com] - 143.0.7499.109-1
- Update to 143.0.7499.109
* High: Under coordination
* Medium CVE-2025-14372: Use after free in Password Manager
* Medium CVE-2025-14373: Inappropriate implementation in Toolbar
- Workaround problem of auto dark mode inverting images and making them unreadable
* Tue Dec 9 2025 LuK1337 [priv.luk@gmail.com] - 143.0.7499.40-2
- Backport Wayland Omnibox bug fix from upstream
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1077c09b50' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: python3.13-3.13.11-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6407a7ee7e
2025-12-16 00:46:10.314061+00:00
--------------------------------------------------------------------------------
Name : python3.13
Product : Fedora 43
Version : 3.13.11
Release : 1.fc43
URL : https://www.python.org/
Summary : Version 3.13 of the Python interpreter
Description :
Python 3.13 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.
The python3.13 package provides the "python3.13" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.13-libs package,
which should be installed automatically along with python3.13.
The remaining parts of the Python standard library are broken out into the
python3.13-tkinter and python3.13-test packages, which may need to be installed
separately.
Documentation for Python is provided in the python3.13-docs package.
Packages containing additional libraries for Python are generally named with
the "python3.13-" prefix.
--------------------------------------------------------------------------------
Update Information:
This is the eleventh maintenance release of Python 3.13
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 5 2025 Miro Hron??ok [mhroncok@redhat.com] - 3.13.11-1
- Update to 3.13.11
* Wed Dec 3 2025 Tom???? Hrn??iar [thrnciar@redhat.com] - 3.13.10-1
- Update to 3.13.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413057 - CVE-2025-6075 python3.13: Quadratic complexity in os.path.expandvars() with user-controlled template [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2413057
[ 2 ] Bug #2421628 - CVE-2025-12084 python3.13: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2421628
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6407a7ee7e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: usd-25.08-12.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4924a5bc8b
2025-12-16 00:46:10.314063+00:00
--------------------------------------------------------------------------------
Name : usd
Product : Fedora 43
Version : 25.08
Release : 12.fc43
URL : http://www.openusd.org/
Summary : 3D VFX pipeline interchange file format
Description :
Universal Scene Description (USD) is a time-sampled scene
description for interchange between graphics applications.
--------------------------------------------------------------------------------
Update Information:
Backport fixes for CVE-2025-64181 etc. in OpenEXRCore
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2418252 - CVE-2025-64181 usd: Use of Uninitialized Memory inside generic_unpack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418252
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4924a5bc8b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
