Update to chromium-133.0.6943.141
Comment
Archive for Fedora Linux Distribution – Security Advisories
2744 results.
CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports CVE-2024-31670 rizin: buffer overflow via create_cache_bins CVE-2024-31668 rizin: improper neutralization of special elements via meta_set function
deadlock potential with VT-d and legacy PCI device pass-through [XSA-467, CVE-2025-1713]
Update to chromium-133.0.6943.141
Patched libiniparser to fix CVE-2025-0633
This is major rework of alternatives usage. We are (finally!) dropping the parallel installs support, and moving back to good, old “java-xyz-openjdk” major alternatives target January CPU 2025
Security fix CVE-2025-0938
Merge branch ‘f42’ into f41 Merge branch ‘rawhide’ into f41 Fix merge conflict
Rebase to 3.2.4
Update gnutls to the latest upstream release, including a fix for CVE-2024-12243.
Includes CVE fixes.
The newest upstream commit Security fix for CVE-2025-26603
Update to 133.0.6943.126 CVE-2025-0999: Heap buffer overflow in V8 CVE-2025-1426: Heap buffer overflow in GPU CVE-2025-1006: Use after free in Network
Fix missing error codes set and invalid error code checks in OpenSSH. It prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS is on (CVE-2025-26465, CVE-2025-26466).
Security fixes for CVE-2024-11168 and CVE-2025-0938
update to 1.33.2 fix CVE-2025-24898
Security fixes for CVE-2024-11168 and CVE-2025-0938
Update to 133.0.6943.126 CVE-2025-0999: Heap buffer overflow in V8 CVE-2025-1426: Heap buffer overflow in GPU CVE-2025-1006: Use after free in Network
This update addresses a null pointer dereferencing issue that could cause the session for a client that sent specially-crafted commands to the server to crash (not the sessions of other clients).
Update to 3.12.9
The newest upstream commit Security fix for CVE-2025-26603
The 6.12.15 stable kernel update contains a number of important fixes across the tree. The 6.12.14 stable kernel update contains a number of important fixes across the tree.
Includes CVE fixes.
Automatic update for bootc-1.1.5-1.fc41. Changelog for bootc * Mon Feb 10 2025 Packit
Update to upstream 2.1-48. 20250211 Addition of 06-bf-06/0x07 microcode (in intel-ucode/06-97-02) at revision 0x38; Addition of 06-bf-07/0x07 microcode (in intel-ucode/06-97-02) at revision 0x38; Addition of 06-bf-06/0x07 microcode (in intel-ucode/06-97-05) at revision 0x38; Addition of 06-bf-07/0x07 microcode (in intel-ucode/06-97-05) at revision 0x38;
Update to 133.0.6943.98 CVE-2025-0995: Use after free in V8 CVE-2025-0996: Inappropriate implementation in Browser UI CVE-2025-0997: Use after free in Navigation CVE-2025-0998: Out of bounds memory access in V8
Update to 133.0.6943.98 CVE-2025-0995: Use after free in V8 CVE-2025-0996: Inappropriate implementation in Browser UI CVE-2025-0997: Use after free in Navigation CVE-2025-0998: Out of bounds memory access in V8
Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module.
Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6. NOTE: heif-convert tool was renamed to heif-dec. How to test:
Changes with nginx 1.26.3 05 Feb 2025 *) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). *) Bugfix: in the ngx_http_mp4_module.