Fedora 42 Update: valkey-8.0.3-3.fc42
Fedora 42 Update: wireshark-4.4.7-1.fc42
Fedora 42 Update: golang-x-perf-0-0.28.20250326git02a15fd.fc42
Fedora 41 Update: chromium-137.0.7151.103-1.fc41
Fedora 41 Update: wireshark-4.4.7-1.fc41
Fedora 41 Update: golang-x-perf-0-0.28.20250326git02a15fd.fc41
[SECURITY] Fedora 42 Update: valkey-8.0.3-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-129268f8e4
2025-06-15 01:48:03.179300+00:00
--------------------------------------------------------------------------------
Name : valkey
Product : Fedora 42
Version : 8.0.3
Release : 3.fc42
URL : https://valkey.io
Summary : A persistent key-value database
Description :
Valkey is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Valkey works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Valkey also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Valkey behave like
a cache.
You can use Valkey from most programming languages also.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2025-49112
Fix CVE-2025-49112
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 6 2025 Jonathan Wright [jonathan@almalinux.org] - 8.0.3-3
- Apply patch for CVE-2025-49112 properly
* Fri Jun 6 2025 Jonathan Wright [jonathan@almalinux.org] - 8.0.3-2
- Fixes CVE-2025-49112
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2369765 - CVE-2025-49112 valkey: Valkey Integer Underflow Vulnerability [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2369765
[ 2 ] Bug #2369766 - CVE-2025-49112 valkey: Valkey Integer Underflow Vulnerability [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2369766
[ 3 ] Bug #2369767 - CVE-2025-49112 valkey: Valkey Integer Underflow Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2369767
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-129268f8e4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: wireshark-4.4.7-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b979c16d88
2025-06-15 01:48:03.179231+00:00
--------------------------------------------------------------------------------
Name : wireshark
Product : Fedora 42
Version : 4.4.7
Release : 1.fc42
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark allows you to examine protocol data stored in files or as it is
captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,
and many other sources. It supports dozens of protocol capture file formats
and understands more than a thousand protocols.
It has many powerful features including a rich display filter language
and the ability to reassemble multiple protocol packets in order to, for
example, view a complete TCP stream, save the contents of a file which was
transferred over HTTP or CIFS, or play back an RTP audio stream.
--------------------------------------------------------------------------------
Update Information:
New version 4.4.7
Ignoring potential error when using udevadm in %post scriptlet
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 5 2025 Michal Ruprich [mruprich@redhat.com] - 1:4.4.7-1
- New version 4.4.7
* Tue Jun 3 2025 Michal Ruprich [mruprich@redhat.com] - 1:4.4.6-2
- udevadm should be ignored if an error occures
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370020 - wireshark-cli post scriptlet error during kickstart install
https://bugzilla.redhat.com/show_bug.cgi?id=2370020
[ 2 ] Bug #2370293 - CVE-2025-5601 wireshark: Buffer Overflow in Wireshark [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370293
[ 3 ] Bug #2370294 - CVE-2025-5601 wireshark: Buffer Overflow in Wireshark [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370294
[ 4 ] Bug #2370300 - wireshark-4.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2370300
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b979c16d88' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: golang-x-perf-0-0.28.20250326git02a15fd.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ee0831e677
2025-06-15 01:48:03.179236+00:00
--------------------------------------------------------------------------------
Name : golang-x-perf
Product : Fedora 42
Version : 0
Release : 0.28.20250326git02a15fd.fc42
URL : https://github.com/golang/perf
Summary : Performance measurement, storage, and analysis
Description :
This package holds the source for various tools related to performance
measurement, storage, and analysis.
- cmd/benchstat contains a command-line tool that computes and 7
compares statistics about benchmarks.
- cmd/benchsave contains a command-line tool for publishing benchmark
results.
- storage contains the https://perfdata.golang.org/ benchmark result
storage system.
- analysis contains the https://perf.golang.org/ benchmark result analysis
system.
--------------------------------------------------------------------------------
Update Information:
Security update
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 28 2025 Alejandro S??ez [asm@redhat.com] - 0-0.28
- Update to newer version, migrate to vendor-tools
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0-0.26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Sep 2 2024 Miroslav Such?? [msuchy@redhat.com] - 0-0.25
- convert license to SPDX
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2340564 - golang-x-perf: FTBFS in Fedora rawhide/f42
https://bugzilla.redhat.com/show_bug.cgi?id=2340564
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ee0831e677' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: chromium-137.0.7151.103-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-aa9ea529fb
2025-06-15 01:06:28.140427+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 41
Version : 137.0.7151.103
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 137.0.7151.103
CVE-2025-5958: Use after free in Media
CVE-2025-5959: Type Confusion in V8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 11 2025 Than Ngo [than@redhat.com] - 137.0.7151.103-1
- Update to 137.0.7151.103
* CVE-2025-5958: Use after free in Media
* CVE-2025-5959: Type Confusion in V8
- Provide correct version for bundle librarires
- Fix rhbz#2368923, Chromium crash
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2368923 - Chromium crashes with "SIGILL" when using the "ENTITIES HTML MathML Set" doctype in an XSLT stylesheet
https://bugzilla.redhat.com/show_bug.cgi?id=2368923
[ 2 ] Bug #2371648 - CVE-2025-5958 chromium: Chrome Media Use-After-Free Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2371648
[ 3 ] Bug #2371653 - CVE-2025-5959 chromium: Chrome Type Confusion Vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2371653
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-aa9ea529fb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: wireshark-4.4.7-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8043d4cd71
2025-06-15 01:06:28.140369+00:00
--------------------------------------------------------------------------------
Name : wireshark
Product : Fedora 41
Version : 4.4.7
Release : 1.fc41
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark allows you to examine protocol data stored in files or as it is
captured from wired or wireless (WiFi or Bluetooth) networks, USB devices,
and many other sources. It supports dozens of protocol capture file formats
and understands more than a thousand protocols.
It has many powerful features including a rich display filter language
and the ability to reassemble multiple protocol packets in order to, for
example, view a complete TCP stream, save the contents of a file which was
transferred over HTTP or CIFS, or play back an RTP audio stream.
--------------------------------------------------------------------------------
Update Information:
New version 4.4.7
Ignoring potential error when using udevadm in %post scriptlet
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 5 2025 Michal Ruprich [mruprich@redhat.com] - 1:4.4.7-1
- New version 4.4.7
* Tue Jun 3 2025 Michal Ruprich [mruprich@redhat.com] - 1:4.4.6-2
- udevadm should be ignored if an error occures
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370020 - wireshark-cli post scriptlet error during kickstart install
https://bugzilla.redhat.com/show_bug.cgi?id=2370020
[ 2 ] Bug #2370293 - CVE-2025-5601 wireshark: Buffer Overflow in Wireshark [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2370293
[ 3 ] Bug #2370294 - CVE-2025-5601 wireshark: Buffer Overflow in Wireshark [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370294
[ 4 ] Bug #2370300 - wireshark-4.4.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2370300
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8043d4cd71' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: golang-x-perf-0-0.28.20250326git02a15fd.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-333708f4ce
2025-06-15 01:06:28.140374+00:00
--------------------------------------------------------------------------------
Name : golang-x-perf
Product : Fedora 41
Version : 0
Release : 0.28.20250326git02a15fd.fc41
URL : https://github.com/golang/perf
Summary : Performance measurement, storage, and analysis
Description :
This package holds the source for various tools related to performance
measurement, storage, and analysis.
- cmd/benchstat contains a command-line tool that computes and 7
compares statistics about benchmarks.
- cmd/benchsave contains a command-line tool for publishing benchmark
results.
- storage contains the https://perfdata.golang.org/ benchmark result
storage system.
- analysis contains the https://perf.golang.org/ benchmark result analysis
system.
--------------------------------------------------------------------------------
Update Information:
Security update
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 28 2025 Alejandro S??ez [asm@redhat.com] - 0-0.28
- Update to newer version, migrate to vendor-tools
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0-0.26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Sep 2 2024 Miroslav Such?? [msuchy@redhat.com] - 0-0.25
- convert license to SPDX
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2348825 - CVE-2025-22868 golang-x-perf: Unexpected memory consumption during token parsing in golang.org/x/oauth2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2348825
[ 2 ] Bug #2352286 - CVE-2025-22870 golang-x-perf: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2352286
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-333708f4ce' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
