Fedora Security Advisories

FEDORA-2025-d41f5f4a2a Packages in this update:

• chromium-142.0.7444.175-2.fc43

Update description:

Update to 142.0.7444.175

* High CVE-2025-13223: Type Confusion in V8 * High CVE-2025-13224: Type Confusion in V8

FEDORA-EPEL-2025-cdf5100498 Packages in this update:

• chromium-142.0.7444.175-2.el9

Update description:

Update to 142.0.7444.175

* High CVE-2025-13223: Type Confusion in V8 * High CVE-2025-13224: Type Confusion in V8

Update to 142.0.7444.162

* High CVE-2025-13042: Inappropriate implementation in V8

FEDORA-2025-ee528a170d Packages in this update:

• chromium-142.0.7444.175-2.fc41

Update description:

Update to 142.0.7444.175

* High CVE-2025-13223: Type Confusion in V8 * High CVE-2025-13224: Type Confusion in V8

FEDORA-EPEL-2025-62f79f7f05 Packages in this update:

• chromium-142.0.7444.175-2.el10_2

Update description:

Update to 142.0.7444.175

* High CVE-2025-13223: Type Confusion in V8 * High CVE-2025-13224: Type Confusion in V8

FEDORA-2025-54b43715b6 Packages in this update:

• chromium-142.0.7444.175-2.fc42

Update description:

Update to 142.0.7444.175

* High CVE-2025-13223: Type Confusion in V8 * High CVE-2025-13224: Type Confusion in V8

FEDORA-2025-45b1844342 Packages in this update:

• gnutls-3.8.11-1.fc43

Update description:

Update to the 3.8.11 release with a fix for CVE-2025-9820 and several enhancements.

FEDORA-2025-355d5aac01 Packages in this update:

• drupal7-7.103-1.fc43

Update description:

• https://www.drupal.org/project/drupal/releases/7.99
• https://www.drupal.org/project/drupal/releases/7.100
• https://www.drupal.org/project/drupal/releases/7.101
• https://www.drupal.org/project/drupal/releases/7.102
  • https://www.drupal.org/sa-core-2024-005
  • https://www.drupal.org/sa-core-2024-008
• https://www.drupal.org/project/drupal/releases/7.103

FEDORA-2025-f8a08bb335 Packages in this update:

• drupal7-7.103-1.fc42

Update description:

• https://www.drupal.org/project/drupal/releases/7.99
• https://www.drupal.org/project/drupal/releases/7.100
• https://www.drupal.org/project/drupal/releases/7.101
• https://www.drupal.org/project/drupal/releases/7.102
  • https://www.drupal.org/sa-core-2024-005
  • https://www.drupal.org/sa-core-2024-008
• https://www.drupal.org/project/drupal/releases/7.103

FEDORA-2025-d645721ca4 Packages in this update:

• drupal7-7.103-1.fc41

Update description:

• https://www.drupal.org/project/drupal/releases/7.99
• https://www.drupal.org/project/drupal/releases/7.100
• https://www.drupal.org/project/drupal/releases/7.101
• https://www.drupal.org/project/drupal/releases/7.102
  • https://www.drupal.org/sa-core-2024-005
  • https://www.drupal.org/sa-core-2024-008
• https://www.drupal.org/project/drupal/releases/7.103

FEDORA-2025-96f340d7a0 Packages in this update:

• source-to-image-1.5.1-1.fc42

Update description:

Update to 1.5.1, migrate to Go Vendor Tools

FEDORA-2025-dc3c993169 Packages in this update:

• source-to-image-1.5.1-1.fc43

Update description:

Update to 1.5.1, migrate to Go Vendor Tools

FEDORA-EPEL-2025-5b2095e2c2 Packages in this update:

• xpdf-4.06-1.el8

Update description:

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs:

CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900 CVE-2024-4141 CVE-2024-4568 CVE-2024-4976 CVE-2024-7866 CVE-2024-7867 CVE-2024-7868 CVE-2025-2574 CVE-2025-3154 CVE-2025-11896

FEDORA-EPEL-2025-9a55de96db Packages in this update:

• xpdf-4.06-1.el9

Update description:

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs:

CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900 CVE-2024-4141 CVE-2024-4568 CVE-2024-4976 CVE-2024-7866 CVE-2024-7867 CVE-2024-7868 CVE-2025-2574 CVE-2025-3154 CVE-2025-11896

FEDORA-2025-e72c726192 Packages in this update:

• xpdf-4.06-1.fc42

Update description:

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs:

CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900 CVE-2024-4141 CVE-2024-4568 CVE-2024-4976 CVE-2024-7866 CVE-2024-7867 CVE-2024-7868 CVE-2025-2574 CVE-2025-3154 CVE-2025-11896

FEDORA-2025-7c5b6a3bcb Packages in this update:

• xpdf-4.06-1.fc43

Update description:

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs:

CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900 CVE-2024-4141 CVE-2024-4568 CVE-2024-4976 CVE-2024-7866 CVE-2024-7867 CVE-2024-7868 CVE-2025-2574 CVE-2025-3154 CVE-2025-11896

FEDORA-2025-a6dd878882 Packages in this update:

• python-kdcproxy-1.1.0-1.fc44

Update description:

Automatic update for python-kdcproxy-1.1.0-1.fc44.

Changelog * Wed Nov 19 2025 Julien Rische <jrische@redhat.com> - 1.1.0-1 - New upstream version (1.1.0) - Use DNS discovery for declared realms only (CVE-2025-59088) Resolves: rhbz#2415861 - Fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089) Resolves: rhbz#2415860 - Stop using deprecated \ CFLAGS="${CFLAGS:-${RPM_OPT_FLAGS}}" LDFLAGS="${LDFLAGS:-${RPM_LD_FLAGS}}"\ /usr/bin/python3 setup.py build --executable="/usr/bin/python3 -sP" /\ CFLAGS="${CFLAGS:-${RPM_OPT_FLAGS}}" LDFLAGS="${LDFLAGS:-${RPM_LD_FLAGS}}"\ /usr/bin/python3 setup.py install -O1 --skip-build --root /builddir/build/BUILD/python-kdcproxy-1.1.0-build/BUILDROOT --prefix /usr macros rm -rfv /builddir/build/BUILD/python-kdcproxy-1.1.0-build/BUILDROOT/usr/bin/__pycache__ Resolves: rhbz#2377837

FEDORA-2025-3f9b87b0e7 Packages in this update:

• python-kdcproxy-1.1.0-1.fc43

Update description:

• New upstream version (1.1.0)
• Use DNS discovery for declared realms only (CVE-2025-59088)
• Fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089)
• Stop using deprecated %py3_build/%py3_install macros

FEDORA-2025-068c570cbf Packages in this update:

• python-kdcproxy-1.1.0-1.fc42

Update description:

• New upstream version (1.1.0)
• Use DNS discovery for declared realms only (CVE-2025-59088)
• Fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089)

FEDORA-2025-3075610004 Packages in this update:

• python-kdcproxy-1.1.0-1.fc41

Update description:

• New upstream version (1.1.0)
• Use DNS discovery for declared realms only (CVE-2025-59088)
• Fix DoS vulnerability based on unbounded TCP buffering (CVE-2025-59089)

FEDORA-2025-15c3d1dcfc Packages in this update:

• openbao-2.4.3-2.fc41

Update description:

Rebuild to add hsm tag.

The fedora-41 build was done with golang-1.24.10 which fixed CVE-2025-58189, CVE-2025-61725, CVE-2025-61723, CVE-2025-58185, and CVE-2025-58183.