Fedora Security Advisories

runc-1.3.2-1.fc44

Fedora Security Advisories
10 hours 50 minutes ago
FEDORA-2025-0022827a20 Packages in this update:
  • runc-1.3.2-1.fc44
Update description:

Automatic update for runc-1.3.2-1.fc44.

Changelog * Tue Oct 7 2025 Bradley G Smith <bradley.g.smith@gmail.com> - 2:1.3.2-1 - Update to release v1.3.2 - Resolves: rhbz#2399284, rhbz#2399563 - Upstream fixes

valkey-8.0.6-1.el8

Fedora Security Advisories
1 day 16 hours ago
FEDORA-EPEL-2025-2d44b874a0 Packages in this update:
  • valkey-8.0.6-1.el8
Update description:

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)

valkey-8.0.6-1.el9

Fedora Security Advisories
1 day 16 hours ago
FEDORA-EPEL-2025-115d3a5484 Packages in this update:
  • valkey-8.0.6-1.el9
Update description:

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)

chromium-141.0.7390.54-1.el10_2

Fedora Security Advisories
3 days 18 hours ago
FEDORA-EPEL-2025-96049efbd2 Packages in this update:
  • chromium-141.0.7390.54-1.el10_2
Update description:

Update to 141.0.7390.54

* High CVE-2025-11205: Heap buffer overflow in WebGPU * High CVE-2025-11206: Heap buffer overflow in Video * Medium CVE-2025-11207: Side-channel information leakage in Storage * Medium CVE-2025-11208: Inappropriate implementation in Media * Medium CVE-2025-11209: Inappropriate implementation in Omnibox * Medium CVE-2025-11210: Side-channel information leakage in Tab * Medium CVE-2025-11211: Out of bounds read in Media * Medium CVE-2025-11212: Inappropriate implementation in Media * Medium CVE-2025-11213: Inappropriate implementation in Omnibox * Medium CVE-2025-11215: Off by one error in V8 * Low CVE-2025-11216: Inappropriate implementation in Storage * Low CVE-2025-11219: Use after free in V8

chromium-141.0.7390.54-1.fc43

Fedora Security Advisories
3 days 18 hours ago
FEDORA-2025-37da05914f Packages in this update:
  • chromium-141.0.7390.54-1.fc43
Update description:

Update to 141.0.7390.54

* High CVE-2025-11205: Heap buffer overflow in WebGPU * High CVE-2025-11206: Heap buffer overflow in Video * Medium CVE-2025-11207: Side-channel information leakage in Storage * Medium CVE-2025-11208: Inappropriate implementation in Media * Medium CVE-2025-11209: Inappropriate implementation in Omnibox * Medium CVE-2025-11210: Side-channel information leakage in Tab * Medium CVE-2025-11211: Out of bounds read in Media * Medium CVE-2025-11212: Inappropriate implementation in Media * Medium CVE-2025-11213: Inappropriate implementation in Omnibox * Medium CVE-2025-11215: Off by one error in V8 * Low CVE-2025-11216: Inappropriate implementation in Storage * Low CVE-2025-11219: Use after free in V8

chromium-141.0.7390.54-1.fc42

Fedora Security Advisories
3 days 18 hours ago
FEDORA-2025-acc92fcc12 Packages in this update:
  • chromium-141.0.7390.54-1.fc42
Update description:

Update to 141.0.7390.54

* High CVE-2025-11205: Heap buffer overflow in WebGPU * High CVE-2025-11206: Heap buffer overflow in Video * Medium CVE-2025-11207: Side-channel information leakage in Storage * Medium CVE-2025-11208: Inappropriate implementation in Media * Medium CVE-2025-11209: Inappropriate implementation in Omnibox * Medium CVE-2025-11210: Side-channel information leakage in Tab * Medium CVE-2025-11211: Out of bounds read in Media * Medium CVE-2025-11212: Inappropriate implementation in Media * Medium CVE-2025-11213: Inappropriate implementation in Omnibox * Medium CVE-2025-11215: Off by one error in V8 * Low CVE-2025-11216: Inappropriate implementation in Storage * Low CVE-2025-11219: Use after free in V8

chromium-141.0.7390.54-1.el9

Fedora Security Advisories
3 days 18 hours ago
FEDORA-EPEL-2025-bff0433d38 Packages in this update:
  • chromium-141.0.7390.54-1.el9
Update description:

Update to 141.0.7390.54

* High CVE-2025-11205: Heap buffer overflow in WebGPU * High CVE-2025-11206: Heap buffer overflow in Video * Medium CVE-2025-11207: Side-channel information leakage in Storage * Medium CVE-2025-11208: Inappropriate implementation in Media * Medium CVE-2025-11209: Inappropriate implementation in Omnibox * Medium CVE-2025-11210: Side-channel information leakage in Tab * Medium CVE-2025-11211: Out of bounds read in Media * Medium CVE-2025-11212: Inappropriate implementation in Media * Medium CVE-2025-11213: Inappropriate implementation in Omnibox * Medium CVE-2025-11215: Off by one error in V8 * Low CVE-2025-11216: Inappropriate implementation in Storage * Low CVE-2025-11219: Use after free in V8

chromium-141.0.7390.54-1.fc41

Fedora Security Advisories
3 days 18 hours ago
FEDORA-2025-2d4d91b00a Packages in this update:
  • chromium-141.0.7390.54-1.fc41
Update description:

Update to 141.0.7390.54

* High CVE-2025-11205: Heap buffer overflow in WebGPU * High CVE-2025-11206: Heap buffer overflow in Video * Medium CVE-2025-11207: Side-channel information leakage in Storage * Medium CVE-2025-11208: Inappropriate implementation in Media * Medium CVE-2025-11209: Inappropriate implementation in Omnibox * Medium CVE-2025-11210: Side-channel information leakage in Tab * Medium CVE-2025-11211: Out of bounds read in Media * Medium CVE-2025-11212: Inappropriate implementation in Media * Medium CVE-2025-11213: Inappropriate implementation in Omnibox * Medium CVE-2025-11215: Off by one error in V8 * Low CVE-2025-11216: Inappropriate implementation in Storage * Low CVE-2025-11219: Use after free in V8

valkey-8.0.6-1.fc41

Fedora Security Advisories
3 days 19 hours ago
FEDORA-2025-00e79c49ca Packages in this update:
  • valkey-8.0.6-1.fc41
Update description:

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)

valkey-8.0.6-1.fc42

Fedora Security Advisories
3 days 19 hours ago
FEDORA-2025-3055a5b407 Packages in this update:
  • valkey-8.0.6-1.fc42
Update description:

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)

valkey-8.1.4-2.fc43

Fedora Security Advisories
3 days 19 hours ago
FEDORA-2025-fd6619a49f Packages in this update:
  • valkey-8.1.4-2.fc43
Update description:

Valkey 8.1.4

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844 A Lua script may lead to remote code execution
  • CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818 A Lua script can be executed in the context of another user
  • CVE-2025-46819 LUA out-of-bound read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2614)
  • Fix EVAL to report unknown error when empty error table is provided (#2229)
  • Fix use-after-free when active expiration triggers hashtable to shrink (#2257)
  • Fix MEMORY USAGE to account for embedded keys (#2290)
  • Fix memory leak when shrinking a hashtable without entries (#2288)
  • Prevent potential assertion in active defrag handling large allocations (#2353)
  • Prevent bad memory access when NOTOUCH client gets unblocked (#2347)
  • Converge divergent shard-id persisted in nodes.conf to primary's shard id (#2174)
  • Fix client tracking memory overhead calculation (#2360)
  • Fix RDB load per slot memory pre-allocation when loading from RDB snapshot (#2466)
  • Don't use AVX2 instructions if the CPU doesn't support it (#2571)
  • Fix bug where active defrag may be unable to defrag sparsely filled pages (#2656)

Packaging changes

  • add new sub-package valkey-tls for the TLS encryption module, which was previously built into main valkey
  • add new sub-package valkey-rdma for the RDMA (Remote Direct Memory Access ) module, this a new optional feature

cef-140.1.15^chromium140.0.7339.207-3.fc42

Fedora Security Advisories
3 days 20 hours ago
FEDORA-2025-5fac63ba6a Packages in this update:
  • cef-140.1.15^chromium140.0.7339.207-3.fc42
Update description:

Update to 140.1.15^chromium140.0.7339.207 (rhbz#2396308)

  • CVE-2025-10890: Side-channel information leakage in V8
  • CVE-2025-10891: Integer overflow in V8
  • CVE-2025-10892: Integer overflow in V8
  • CVE-2025-10585: Type Confusion in V8
  • CVE-2025-10500: Use after free in Dawn
  • CVE-2025-10501: Use after free in WebRTC
  • CVE-2025-10502: Heap buffer overflow in ANGLE
  • CVE-2025-10200: Use after free in Serviceworker
  • CVE-2025-10201: Inappropriate implementation in Mojo
  • CVE-2025-9864: Use after free in V8
  • CVE-2025-9865: Inappropriate implementation in Toolbar
  • CVE-2025-9866: Inappropriate implementation in Extensions
  • CVE-2025-9867: Inappropriate implementation in Downloads

cef-140.1.15^chromium140.0.7339.207-3.fc43

Fedora Security Advisories
3 days 20 hours ago
FEDORA-2025-1e8f05e0a6 Packages in this update:
  • cef-140.1.15^chromium140.0.7339.207-3.fc43
Update description:

Update to 140.1.15^chromium140.0.7339.207 (rhbz#2396308)

  • CVE-2025-10890: Side-channel information leakage in V8
  • CVE-2025-10891: Integer overflow in V8
  • CVE-2025-10892: Integer overflow in V8
  • CVE-2025-10585: Type Confusion in V8
  • CVE-2025-10500: Use after free in Dawn
  • CVE-2025-10501: Use after free in WebRTC
  • CVE-2025-10502: Heap buffer overflow in ANGLE
  • CVE-2025-10200: Use after free in Serviceworker
  • CVE-2025-10201: Inappropriate implementation in Mojo
  • CVE-2025-9864: Use after free in V8
  • CVE-2025-9865: Inappropriate implementation in Toolbar
  • CVE-2025-9866: Inappropriate implementation in Extensions
  • CVE-2025-9867: Inappropriate implementation in Downloads
Checked
21 minutes 38 seconds ago
URL
https://bodhi.fedoraproject.org/rss/updates/?type=security