Fedora Security Advisories

cups-2.4.16-4.fc42

1 hour 9 minutes ago
FEDORA-2025-c09b980696
Packages in this update:
  • cups-2.4.16-4.fc42
Update description:

fix possible issue reported by OSH

2.4.16 (fedora#2417970)

rebuild due to binutils bug (fedora#2418285)

fix division by zero crash in pstops (fedora#2415396)

cef-143.0.9^chromium143.0.7499.40-6.fc42

7 hours 11 minutes ago
FEDORA-2025-7605ca0d7d
Packages in this update:
  • cef-143.0.9^chromium143.0.7499.40-6.fc42
Update description:

Update to cef-143.0.9+ge88e818 + chromium-143.0.7499.40 (rhbz#2420939)

  • High CVE-2025-13630: Type Confusion in V8
  • High CVE-2025-13631: Inappropriate implementation in Google Updater
  • High CVE-2025-13632: Inappropriate implementation in DevTools
  • High CVE-2025-13633: Use after free in Digital Credentials
  • Medium CVE-2025-13634: Inappropriate implementation in Downloads
  • Medium CVE-2025-13720: Bad cast in Loader
  • Medium CVE-2025-13721: Race in v8
  • Low CVE-2025-13635: Inappropriate implementation in Downloads
  • Low CVE-2025-13636: Inappropriate implementation in Split View
  • Low CVE-2025-13637: Inappropriate implementation in Downloads
  • Low CVE-2025-13638: Use after free in Media Stream
  • Low CVE-2025-13639: Inappropriate implementation in WebRTC
  • Low CVE-2025-13640: Inappropriate implementation in Passwords

cef-143.0.9^chromium143.0.7499.40-6.fc43

7 hours 12 minutes ago
FEDORA-2025-6e776254bf
Packages in this update:
  • cef-143.0.9^chromium143.0.7499.40-6.fc43
Update description:

Update to cef-143.0.9+ge88e818 + chromium-143.0.7499.40 (rhbz#2420939)

  • High CVE-2025-13630: Type Confusion in V8
  • High CVE-2025-13631: Inappropriate implementation in Google Updater
  • High CVE-2025-13632: Inappropriate implementation in DevTools
  • High CVE-2025-13633: Use after free in Digital Credentials
  • Medium CVE-2025-13634: Inappropriate implementation in Downloads
  • Medium CVE-2025-13720: Bad cast in Loader
  • Medium CVE-2025-13721: Race in v8
  • Low CVE-2025-13635: Inappropriate implementation in Downloads
  • Low CVE-2025-13636: Inappropriate implementation in Split View
  • Low CVE-2025-13637: Inappropriate implementation in Downloads
  • Low CVE-2025-13638: Use after free in Media Stream
  • Low CVE-2025-13639: Inappropriate implementation in WebRTC
  • Low CVE-2025-13640: Inappropriate implementation in Passwords

brotli-1.2.0-1.fc42 perl-Alien-Brotli-0.2.2-11.fc42

1 day 2 hours ago
FEDORA-2025-9e233a4e22
Packages in this update:
  • brotli-1.2.0-1.fc42
  • perl-Alien-Brotli-0.2.2-11.fc42
Update description:

Update brotli to 1.2.0.

This update provides the necessary Python APIs in python3-brotli to fix denial-of-service security issues related to “decompression bombs,” such as CVE-2025-66471 or CVE-2025-6176, but actually fixing them would require separate updates in affected packages.

libpng-1.6.53-1.fc43

1 day 12 hours ago
FEDORA-2025-7f360be18f
Packages in this update:
  • libpng-1.6.53-1.fc43
Update description:
  • Fixed CVE-2025-66293 (high severity): Out-of-bounds read in png_image_read_composite.
  • Fixed the Paeth filter handling in the RISC-V RVV implementation.
  • Improved the performance of the RISC-V RVV implementation.

brotli-1.2.0-1.fc43 perl-Alien-Brotli-0.2.2-11.fc43 python-urllib3-2.6.1-1.fc43

1 day 12 hours ago
FEDORA-2025-d93200cf16
Packages in this update:
  • brotli-1.2.0-1.fc43
  • perl-Alien-Brotli-0.2.2-11.fc43
  • python-urllib3-2.6.1-1.fc43
Update description:

Update brotli to 1.2.0 and python-urllib3 to 2.6.1.

In python-urllib3:

  • Fixed a security issue where streaming API could improperly handle highly compressed HTTP content ("decompression bombs") leading to excessive resource consumption even when a small amount of data was requested. Reading small chunks of compressed data is safer and much more efficient now. (CVE-2025-66471 / GHSA-2xpw-w6gg-jr37)
  • Fixed a security issue where an attacker could compose an HTTP response with virtually unlimited links in the Content-Encoding header, potentially leading to a denial of service (DoS) attack by exhausting system resources during decoding. The number of allowed chained encodings is now limited to 5. (CVE-2025-66418 / GHSA-gm62-xv2j-4w53)