Fedora Security Advisories

• openbao-2.4.3-2.fc41

Rebuild to add hsm tag.

The fedora-41 build was done with golang-1.24.10 which fixed CVE-2025-58189, CVE-2025-61725, CVE-2025-61723, CVE-2025-58185, and CVE-2025-58183.

• openbao-2.4.3-2.fc43

Rebuild to add hsm tag.

The fedora-43 build was done with golang-1.25.4 which fixed CVE-2025-58189, CVE-2025-58188, CVE-2025-61725, CVE-2025-61723, CVE-2025-58185, and CVE-2025-58183.

• openbao-2.4.3-2.fc42

Rebuild to add hsm tag.

The fedora-42 build was done with golang-1.24.10 which fixed CVE-2025-58183.

• docker-buildkit-0.26.1-1.fc41

Update to release v0.26.1

• Update to release v0.26.0
• Resolves: rhbz#2412681, rhbz#2412761
• Upstream new features and fixes
• dependency override for moby/policy-helper needed for license (default version does not a a license file)

• docker-buildkit-0.26.1-1.fc42

Update to release v0.26.1

• Update to release v0.26.0
• Resolves: rhbz#2412681, rhbz#2412761
• Upstream new features and fixes
• dependency override for moby/policy-helper needed for license (default version does not a a license file)c

• docker-buildx-0.30.1-1.fc41

• Update to release v0.30.1
• Upstream fix

• Update to release v0.30.0
• Resolves: rhbz#2413270
• Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066
• Resolves: rhbz#2409350, rhbz#2409628, rhbz#2410014, rhbz#2410300
• Resolves: rhbz#2410579, rhbz#2410946, rhbz#2411477, rhbz#2412381
• Resolves: rhbz#2412530, rhbz#2412682, rhbz#2412762
• Upstream new features and fixes

• docker-buildx-0.30.1-1.fc42

• Update to release v0.30.1
• Upstream fix

• Update to release v0.30.0
• Resolves: rhbz#2413270
• Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066
• Resolves: rhbz#2409350, rhbz#2409628, rhbz#2410014, rhbz#2410300
• Resolves: rhbz#2410579, rhbz#2410946, rhbz#2411477, rhbz#2412381
• Resolves: rhbz#2412530, rhbz#2412682, rhbz#2412762
• Upstream new features and fixes

• docker-buildkit-0.26.1-1.fc43

Update to release v0.26.1

• Update to release v0.26.0
• Resolves: rhbz#2412681, rhbz#2412761
• Upstream new features and fixes
• dependency override for moby/policy-helper needed for license (default version does not a a license file)

• docker-buildx-0.30.1-1.fc43

• Update to release v0.30.1
• Upstream fix

• Update to release v0.30.0
• Resolves: rhbz#2413270
• Resolves: rhbz#2407614, rhbz#2407881, rhbz#2408158, rhbz#2409066
• Resolves: rhbz#2409350, rhbz#2409628, rhbz#2410014, rhbz#2410300
• Resolves: rhbz#2410579, rhbz#2410946, rhbz#2411477, rhbz#2412381
• Resolves: rhbz#2412530, rhbz#2412682, rhbz#2412762
• Upstream new features and fixes

• sudo-rs-0.2.10-1.fc41

Update to version 0.2.10.

This release includes fixes for CVE-2025-64170 and CVE-2025-64517.

• sudo-rs-0.2.10-1.fc42

Update to version 0.2.10.

This release includes fixes for CVE-2025-64170 and CVE-2025-64517.

• sudo-rs-0.2.10-1.fc43

Update to version 0.2.10.

This release includes fixes for CVE-2025-64170 and CVE-2025-64517.

• linux-firmware-20251111-1.fc43

Upstream linux-firmware 20251111 release:

• rtl_bt: Update RTL8922A BT USB firmware to 0x41C0_C905
• add firmware for mt7987 internal 2.5G ethernet phy
• rtw88: 8822b: Update firmware to v30.20.0
• rtl_nic: add firmware rtl8125k-1
• ASoC: tas2781: Update dsp firmware for HP and ASUS projects
• amdgpu: DMCUB updates for various ASICs
• qcom: add SOCCP firmware for kaanapali platform
• xe: Update GUC to v70.53.0 for BMG, LNL, PTL
• i915: Update GUC to v70.53.0 for DG2, MTL
• rtw89: 8851b: update fw to v0.29.41.5
• rtw89: 8852b: update fw to v0.29.128.0 with format suffix -2
• rtw89: 8852b: update fw to v0.29.29.14
• rtw89: 8852bt: update fw to v0.29.127.0 with format suffix -1
• Update firmware file for Intel BlazarI/BlazarU core
• Create audio folder in ti folder, and move all the audio firmwares into it
• amdgpu: DMCUB updates for various ASICs
• Update AMD cpu microcode
• mediatek MT7925: update bluetooth firmware to 20251015213201
• rtl_bt: Add firmware and config files for RTL8761CUV
• Update AMD cpu microcode
• qcom: add ADSP firmware for kaanapali platform
• amdgpu: DMCUB updates for various ASICs
• mediatek MT7920: update bluetooth firmware to 20251020151255
• update firmware for MT7920/MT7922/MT7925 WiFi device
• amd-ucode: Fix minimum revisions in README
• cirrus: cs35l41: Rename various Asus Laptop firmware files to not have Speaker ID
• mediatek MT7922: update bluetooth firmware to 20251020143443

• linux-firmware-20251111-1.fc42

Upstream linux-firmware 20251111 release:

• rtl_bt: Update RTL8922A BT USB firmware to 0x41C0_C905
• add firmware for mt7987 internal 2.5G ethernet phy
• rtw88: 8822b: Update firmware to v30.20.0
• rtl_nic: add firmware rtl8125k-1
• ASoC: tas2781: Update dsp firmware for HP and ASUS projects
• amdgpu: DMCUB updates for various ASICs
• qcom: add SOCCP firmware for kaanapali platform
• xe: Update GUC to v70.53.0 for BMG, LNL, PTL
• i915: Update GUC to v70.53.0 for DG2, MTL
• rtw89: 8851b: update fw to v0.29.41.5
• rtw89: 8852b: update fw to v0.29.128.0 with format suffix -2
• rtw89: 8852b: update fw to v0.29.29.14
• rtw89: 8852bt: update fw to v0.29.127.0 with format suffix -1
• Update firmware file for Intel BlazarI/BlazarU core
• Create audio folder in ti folder, and move all the audio firmwares into it
• amdgpu: DMCUB updates for various ASICs
• Update AMD cpu microcode
• mediatek MT7925: update bluetooth firmware to 20251015213201
• rtl_bt: Add firmware and config files for RTL8761CUV
• Update AMD cpu microcode
• qcom: add ADSP firmware for kaanapali platform
• amdgpu: DMCUB updates for various ASICs
• mediatek MT7920: update bluetooth firmware to 20251020151255
• update firmware for MT7920/MT7922/MT7925 WiFi device
• amd-ucode: Fix minimum revisions in README
• cirrus: cs35l41: Rename various Asus Laptop firmware files to not have Speaker ID
• mediatek MT7922: update bluetooth firmware to 20251020143443

• jfrog-cli-2.78.3-2.el9

Rebuild with Go 1.25.3 to address standard library vulnerabilities: CVE-2025-58189, CVE-2025-61725, CVE-2025-61723, CVE-2025-58185, CVE-2025-58188, CVE-2025-58183.

• cef-142.0.10^chromium142.0.7444.162-2.fc43

Update to 142.0.7444.162

• High CVE-2025-12725: Out of bounds write in WebGPU
• High CVE-2025-12726: Inappropriate implementation in Views
• High CVE-2025-12727: Inappropriate implementation in V8
• Medium CVE-2025-12728: Inappropriate implementation in Omnibox
• Medium CVE-2025-12729: Inappropriate implementation in Omnibox
• High CVE-2025-12428: Type Confusion in V8
• High CVE-2025-12429: Inappropriate implementation in V8
• High CVE-2025-12430: Object lifecycle issue in Media
• High CVE-2025-12431: Inappropriate implementation in Extensions
• High CVE-2025-12432: Race in V8
• High CVE-2025-12433: Inappropriate implementation in V8
• High CVE-2025-12036: Inappropriate implementation in V8
• Medium CVE-2025-12434: Race in Storage
• Medium CVE-2025-12435: Incorrect security UI in Omnibox
• Medium CVE-2025-12436: Policy bypass in Extensions
• Medium CVE-2025-12437: Use after free in PageInfo
• Medium CVE-2025-12438: Use after free in Ozone
• Medium CVE-2025-12439: Inappropriate implementation in App-Bound Encryption
• Low CVE-2025-12440: Inappropriate implementation in Autofill
• Medium CVE-2025-12441: Out of bounds read in V8
• Medium CVE-2025-12443: Out of bounds read in WebXR
• Low CVE-2025-12444: Incorrect security UI in Fullscreen UI
• Low CVE-2025-12445: Policy bypass in Extensions
• Low CVE-2025-12446: Incorrect security UI in SplitView
• Low CVE-2025-12447: Incorrect security UI in Omnibox

• cef-142.0.14^chromium142.0.7444.162-1.fc42

Update to 142.0.7444.162

• High CVE-2025-12725: Out of bounds write in WebGPU
• High CVE-2025-12726: Inappropriate implementation in Views
• High CVE-2025-12727: Inappropriate implementation in V8
• Medium CVE-2025-12728: Inappropriate implementation in Omnibox
• Medium CVE-2025-12729: Inappropriate implementation in Omnibox
• High CVE-2025-12428: Type Confusion in V8
• High CVE-2025-12429: Inappropriate implementation in V8
• High CVE-2025-12430: Object lifecycle issue in Media
• High CVE-2025-12431: Inappropriate implementation in Extensions
• High CVE-2025-12432: Race in V8
• High CVE-2025-12433: Inappropriate implementation in V8
• High CVE-2025-12036: Inappropriate implementation in V8
• Medium CVE-2025-12434: Race in Storage
• Medium CVE-2025-12435: Incorrect security UI in Omnibox
• Medium CVE-2025-12436: Policy bypass in Extensions
• Medium CVE-2025-12437: Use after free in PageInfo
• Medium CVE-2025-12438: Use after free in Ozone
• Medium CVE-2025-12439: Inappropriate implementation in App-Bound Encryption
• Low CVE-2025-12440: Inappropriate implementation in Autofill
• Medium CVE-2025-12441: Out of bounds read in V8
• Medium CVE-2025-12443: Out of bounds read in WebXR
• Low CVE-2025-12444: Incorrect security UI in Fullscreen UI
• Low CVE-2025-12445: Policy bypass in Extensions
• Low CVE-2025-12446: Incorrect security UI in SplitView
• Low CVE-2025-12447: Incorrect security UI in Omnibox

• k9s-0.50.16-2.fc42

Rebuild to fix several CVEs in golang std.

• k9s-0.50.16-2.fc43

Rebuild to fix several CVEs in golang std.

• kubernetes1.33-1.33.6-1.fc41

• Update to release v1.33.6
• Resolves: rhbz#2398588, rhbz#2398849, rhbz#2399250, rhbz#2399523
• Resolves: rhbz#2407789, rhbz#2408059, rhbz#2408316, rhbz#2408610
• Resolves: rhbz#2408673, rhbz#2408731, rhbz#2409238, rhbz#2409528
• Resolves: rhbz#2409789, rhbz#2410203, rhbz#2410478, rhbz#2410739
• Resolves: rhbz#2411118, rhbz#2411377, rhbz#2412570, rhbz#2412589
• Resolves: rhbz#2412804
• Upstream fixes