Fedora Security Advisories

• linux-firmware-20250311-1.fc42

Update to upstream 20250311:

• amdgpu: many firmware updates
• qcom: Update gpu firmwares for qcs8300 chipset
• add firmware for qat_420xx devices
• amdgpu: DMCUB updates for various ASICs
• i915: Update Xe3LPD DMC to v2.20
• update firmware for MT7920/MT7925 WiFi device
• mediatek MT7920/MT7925 bluetooth firmware update
• Update firmware file for Intel BlazarI/BlazarU core
• intel_vpu: Add firmware for 37xx and 40xx NPUs
• QCA: Add Bluetooth firmwares for QCA2066 with USB transport
• QCA: Add two bluetooth firmware nvm files for QCA2066
• QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00653
• QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00653
• cirrus: cs35l41: Add firmware and tuning for ASUS Commercial/Consumer laptops
• ASoC: tas2781: Update dsp firmware for Gemtree project
• xe: Update GUC to v70.40.2 for BMG, LNL
• cirrus: cs35l41: Add firmware and tunings for CS35L41 driver for Steam Deck
• ath11k: QCN9074 hw1.0: update to WLAN.HK.2.9.0.1-02175-QCAHKSWPL_SILICONZ-2
• ath11k: QCA6698AQ hw2.1: update to WLAN.HSP.1.1-04604-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1
• ath11k: QCA6698AQ hw2.1: update board-2.bin
• rtw89: 8852bt: update fw to v0.29.122.0 and BB parameter to 07
• Update AMD SEV firmware
• qca: update WCN3988 firmware
• amdgpu: Update ISP FW for isp v4.1.1
• qcom: add firmware for Adreno A225
• cirrus: cs35l56: Add / update firmware for Cirrus CS35L56 for ASUS/Dell/HP/Lenovo laptops
• update firmware for en8811h 2.5G ethernet phy
• ASoC: tas2781: Change regbin firmwares for single device

• linux-firmware-20250311-1.fc40

Update to upstream 20250311:

• amdgpu: many firmware updates
• qcom: Update gpu firmwares for qcs8300 chipset
• add firmware for qat_420xx devices
• amdgpu: DMCUB updates for various ASICs
• i915: Update Xe3LPD DMC to v2.20
• update firmware for MT7920/MT7925 WiFi device
• mediatek MT7920/MT7925 bluetooth firmware update
• Update firmware file for Intel BlazarI/BlazarU core
• intel_vpu: Add firmware for 37xx and 40xx NPUs
• QCA: Add Bluetooth firmwares for QCA2066 with USB transport
• QCA: Add two bluetooth firmware nvm files for QCA2066
• QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00653
• QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00653
• cirrus: cs35l41: Add firmware and tuning for ASUS Commercial/Consumer laptops
• ASoC: tas2781: Update dsp firmware for Gemtree project
• xe: Update GUC to v70.40.2 for BMG, LNL
• cirrus: cs35l41: Add firmware and tunings for CS35L41 driver for Steam Deck
• ath11k: QCN9074 hw1.0: update to WLAN.HK.2.9.0.1-02175-QCAHKSWPL_SILICONZ-2
• ath11k: QCA6698AQ hw2.1: update to WLAN.HSP.1.1-04604-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1
• ath11k: QCA6698AQ hw2.1: update board-2.bin
• rtw89: 8852bt: update fw to v0.29.122.0 and BB parameter to 07
• Update AMD SEV firmware
• qca: update WCN3988 firmware
• amdgpu: Update ISP FW for isp v4.1.1
• qcom: add firmware for Adreno A225
• cirrus: cs35l56: Add / update firmware for Cirrus CS35L56 for ASUS/Dell/HP/Lenovo laptops
• update firmware for en8811h 2.5G ethernet phy
• ASoC: tas2781: Change regbin firmwares for single device

• linux-firmware-20250311-1.fc41

Update to upstream 20250311:

• amdgpu: many firmware updates
• qcom: Update gpu firmwares for qcs8300 chipset
• add firmware for qat_420xx devices
• amdgpu: DMCUB updates for various ASICs
• i915: Update Xe3LPD DMC to v2.20
• update firmware for MT7920/MT7925 WiFi device
• mediatek MT7920/MT7925 bluetooth firmware update
• Update firmware file for Intel BlazarI/BlazarU core
• intel_vpu: Add firmware for 37xx and 40xx NPUs
• QCA: Add Bluetooth firmwares for QCA2066 with USB transport
• QCA: Add two bluetooth firmware nvm files for QCA2066
• QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00653
• QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00653
• cirrus: cs35l41: Add firmware and tuning for ASUS Commercial/Consumer laptops
• ASoC: tas2781: Update dsp firmware for Gemtree project
• xe: Update GUC to v70.40.2 for BMG, LNL
• cirrus: cs35l41: Add firmware and tunings for CS35L41 driver for Steam Deck
• ath11k: QCN9074 hw1.0: update to WLAN.HK.2.9.0.1-02175-QCAHKSWPL_SILICONZ-2
• ath11k: QCA6698AQ hw2.1: update to WLAN.HSP.1.1-04604-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1
• ath11k: QCA6698AQ hw2.1: update board-2.bin
• rtw89: 8852bt: update fw to v0.29.122.0 and BB parameter to 07
• Update AMD SEV firmware
• qca: update WCN3988 firmware
• amdgpu: Update ISP FW for isp v4.1.1
• qcom: add firmware for Adreno A225
• cirrus: cs35l56: Add / update firmware for Cirrus CS35L56 for ASUS/Dell/HP/Lenovo laptops
• update firmware for en8811h 2.5G ethernet phy
• ASoC: tas2781: Change regbin firmwares for single device

• firefox-136.0.1-1.fc42

• New upstream release (136.0.1)

• Updated to latest upstream (136.0)

• chromium-134.0.6998.88-1.fc41

Update to 134.0.6998.88

• High CVE-2025-1920: Type Confusion in V8
• High CVE-2025-2135: Type Confusion in V8
• Medium CVE-2025-2136: Use after free in Inspector
• Medium CVE-2025-2137: Out of bounds read in V8

• chromium-134.0.6998.88-1.el10_1

Update to 134.0.6998.88

• High CVE-2025-1920: Type Confusion in V8
• High CVE-2025-2135: Type Confusion in V8
• Medium CVE-2025-2136: Use after free in Inspector
• Medium CVE-2025-2137: Out of bounds read in V8

• chromium-134.0.6998.88-1.el9

Update to 134.0.6998.88

• High CVE-2025-1920: Type Confusion in V8
• High CVE-2025-2135: Type Confusion in V8
• Medium CVE-2025-2136: Use after free in Inspector
• Medium CVE-2025-2137: Out of bounds read in V8

• chromium-134.0.6998.88-1.fc40

Update to 134.0.6998.88

• High CVE-2025-1920: Type Confusion in V8
• High CVE-2025-2135: Type Confusion in V8
• Medium CVE-2025-2136: Use after free in Inspector
• Medium CVE-2025-2137: Out of bounds read in V8

• fluent-bit-3.2.8-1.fc42

Update to 3.2.8 - Closes rhbz#2137000 rhbz#2340164 rhbz#2300673

• fluent-bit-3.2.8-1.fc41

Update to 3.2.8 - Closes rhbz#2137000 rhbz#2340164 rhbz#2300673

• fluent-bit-3.2.8-1.el10_1

Update to 3.2.8 - Closes rhbz#2137000 rhbz#2340164 rhbz#2300673

• fluent-bit-3.2.8-1.el9

Update to 3.2.8 - Closes rhbz#2137000 rhbz#2340164 rhbz#2300673

• fluent-bit-3.2.8-1.fc40

Update to 3.2.8 - Closes rhbz#2137000 rhbz#2340164 rhbz#2300673

• libssh2-1.11.1-1.el10_0

This update, to the current upstream libssh2 release, addresses a couple of security issues:

• CVE-2023-6918 (missing checks for return values for digests)
• CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin")

It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details.

In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file.

• libssh2-1.11.1-1.el10_1

This update, to the current upstream libssh2 release, addresses a couple of security issues:

• CVE-2023-6918 (missing checks for return values for digests)
• CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin")

It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details.

In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file.

• libssh2-1.11.1-1.fc40

This update, to the current upstream libssh2 release, addresses a couple of security issues:

• CVE-2023-6918 (missing checks for return values for digests)
• CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin")

It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details.

In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file.

• libssh2-1.11.1-1.fc41

This update, to the current upstream libssh2 release, addresses a couple of security issues:

• CVE-2023-6918 (missing checks for return values for digests)
• CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin")

It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period. See the RELEASE_NOTES file for full details.

In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file.

• php-8.3.19-1.fc40

PHP version 8.3.19 (13 Mar 2025)

BCMath:

• Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi)

Core:

• Fixed bug GH-17623 (Broken stack overflow detection for variable compilation). (ilutov)
• Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account). (timwolla)
• Fix fallback paths in fast_long_{add,sub}_function. (nielsdos)
• Fixed bug GH-17718 (Calling static methods on an interface that has __callStatic is allowed). (timwolla)
• Fixed bug GH-17797 (zend_test_compile_string crash on invalid script path). (David Carlier)
• Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235) (ilutov)

DOM:

• Fixed bug GH-17847 (xinclude destroys live node). (nielsdos)

FFI:

• Fix FFI Parsing of Pointer Declaration Lists. (davnotdev)

FPM:

• Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env). (Jakub Zelenka)

GD:

• Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M). (David Carlier)

LDAP:

• Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys). (nielsdos, 7u83)

LibXML:

• Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of php#72714). (nielsdos)
• Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong content-type header when requesting a redirected resource). (CVE-2025-1219) (timwolla)

MBString:

• Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables). (cmb)

Opcache:

• Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash). (nielsdos)
• Fixed bug GH-17577 (JIT packed type guard crash). (nielsdos, Dmitry)
• Fixed bug GH-17899 (zend_test_compile_string with invalid path when opcache is enabled). (David Carlier)
• Fixed bug GH-17868 (Cannot allocate memory with tracing JIT). (nielsdos)

PDO_SQLite:

• Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults). (cmb)
• Fix cycle leak in sqlite3 setAuthorizer(). (nielsdos)

Phar:

• Fixed bug GH-17808: PharFileInfo refcount bug. (nielsdos)

PHPDBG:

• Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer). (nielsdos)
• Fix memory leak in phpdbg calling registered function. (nielsdos)

Reflection:

• Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c). (DanielEScherzer)

Standard:

• Fixed bug php#72666 (stat cache clearing inconsistent between file:// paths and plain paths). (Jakub Zelenka)

Streams:

• Fixed bug GH-17650 (realloc with size 0 in user_filters.c). (nielsdos)
• Fix memory leak on overflow in _php_stream_scandir(). (nielsdos)
• Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736) (Jakub Zelenka)
• Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka)
• Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734) (Jakub Zelenka)
• Fixed GHSA-v8xr-gpvj-cx9g (Header parser of http stream wrapper does not handle folded headers). (CVE-2025-1217) (Jakub Zelenka)

Zlib:

• Fixed bug GH-17745 (zlib extension incorrectly handles object arguments). (nielsdos)
• Fix memory leak when encoding check fails. (nielsdos)
• Fix zlib support for large files. (nielsdos)

• php-8.3.19-1.fc41

PHP version 8.3.19 (13 Mar 2025)

BCMath:

• Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi)

Core:

• Fixed bug GH-17623 (Broken stack overflow detection for variable compilation). (ilutov)
• Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account). (timwolla)
• Fix fallback paths in fast_long_{add,sub}_function. (nielsdos)
• Fixed bug GH-17718 (Calling static methods on an interface that has __callStatic is allowed). (timwolla)
• Fixed bug GH-17797 (zend_test_compile_string crash on invalid script path). (David Carlier)
• Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235) (ilutov)

DOM:

• Fixed bug GH-17847 (xinclude destroys live node). (nielsdos)

FFI:

• Fix FFI Parsing of Pointer Declaration Lists. (davnotdev)

FPM:

• Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env). (Jakub Zelenka)

GD:

• Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M). (David Carlier)

LDAP:

• Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys). (nielsdos, 7u83)

LibXML:

• Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of php#72714). (nielsdos)
• Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong content-type header when requesting a redirected resource). (CVE-2025-1219) (timwolla)

MBString:

• Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables). (cmb)

Opcache:

• Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash). (nielsdos)
• Fixed bug GH-17577 (JIT packed type guard crash). (nielsdos, Dmitry)
• Fixed bug GH-17899 (zend_test_compile_string with invalid path when opcache is enabled). (David Carlier)
• Fixed bug GH-17868 (Cannot allocate memory with tracing JIT). (nielsdos)

PDO_SQLite:

• Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults). (cmb)
• Fix cycle leak in sqlite3 setAuthorizer(). (nielsdos)

Phar:

• Fixed bug GH-17808: PharFileInfo refcount bug. (nielsdos)

PHPDBG:

• Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer). (nielsdos)
• Fix memory leak in phpdbg calling registered function. (nielsdos)

Reflection:

• Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c). (DanielEScherzer)

Standard:

• Fixed bug php#72666 (stat cache clearing inconsistent between file:// paths and plain paths). (Jakub Zelenka)

Streams:

• Fixed bug GH-17650 (realloc with size 0 in user_filters.c). (nielsdos)
• Fix memory leak on overflow in _php_stream_scandir(). (nielsdos)
• Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736) (Jakub Zelenka)
• Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka)
• Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734) (Jakub Zelenka)
• Fixed GHSA-v8xr-gpvj-cx9g (Header parser of http stream wrapper does not handle folded headers). (CVE-2025-1217) (Jakub Zelenka)

Zlib:

• Fixed bug GH-17745 (zlib extension incorrectly handles object arguments). (nielsdos)
• Fix memory leak when encoding check fails. (nielsdos)
• Fix zlib support for large files. (nielsdos)

• php-8.4.5-1.fc42

PHP version 8.4.5 (13 Mar 2025)

BCMath:

• Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi)

Core:

• Fixed bug GH-17623 (Broken stack overflow detection for variable compilation). (ilutov)
• Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account). (timwolla)
• Fix fallback paths in fast_long_{add,sub}_function. (nielsdos)
• Fixed bug OSS-Fuzz php#391975641 (Crash when accessing property backing value by reference). (ilutov)
• Fixed bug GH-17718 (Calling static methods on an interface that has __callStatic is allowed). (timwolla)
• Fixed bug GH-17713 (ReflectionProperty::getRawValue() and related methods may call hooks of overridden properties). (Arnaud)
• Fixed bug GH-17916 (Final abstract properties should error). (DanielEScherzer)
• Fixed bug GH-17866 (zend_mm_heap corrupted error after upgrading from 8.4.3 to 8.4.4). (nielsdos)
• Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235) (ilutov)

DOM:

• Fixed bug GH-17609 (Typo in error message: Dom\NO_DEFAULT_NS instead of Dom\HTML_NO_DEFAULT_NS). (nielsdos)
• Fixed bug GH-17802 (\Dom\HTMLDocument querySelector attribute name is case sensitive in HTML). (nielsdos)
• Fixed bug GH-17847 (xinclude destroys live node). (nielsdos)
• Fix using Dom\Node with Dom\XPath callbacks. (nielsdos)

GD:

• Fixed bug GH-17703 (imagescale with both width and height negative values triggers only an Exception on width). (David Carlier)

FFI:

• Fix FFI Parsing of Pointer Declaration Lists. (davnotdev)

FPM:

• Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env). (Jakub Zelenka)

GD:

• Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M). (David Carlier)

LDAP:

• Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys). (nielsdos, 7u83)

LibXML:

• Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of php#72714). (nielsdos)
• Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong content-type header when requesting a redirected resource). (CVE-2025-1219) (timwolla)

MBString:

• Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables). (cmb)

Opcache:

• Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash). (nielsdos)
• Fixed bug GH-17577 (JIT packed type guard crash). (nielsdos, Dmitry)
• Fixed bug GH-17747 (Exception on reading property in register-based FETCH_OBJ_R breaks JIT). (Dmitry, nielsdos)
• Fixed bug GH-17715 (Null pointer deref in observer API when calling cases() method on preloaded enum). (Bob)
• Fixed bug GH-17868 (Cannot allocate memory with tracing JIT on 8.4.4). (nielsdos)

PDO_SQLite:

• Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults). (cmb)
• Fix cycle leak in sqlite3 setAuthorizer(). (nielsdos)
• Fix memory leaks in pdo_sqlite callback registration. (nielsdos)

Phar:

• Fixed bug GH-17808: PharFileInfo refcount bug. (nielsdos)

PHPDBG:

• Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer). (nielsdos)
• Fix memory leak in phpdbg calling registered function. (nielsdos)

Reflection:

• Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c). (DanielEScherzer)
• Fixed missing final and abstract flags when dumping properties. (DanielEScherzer)

Standard:

• Fixed bug php#72666 (stat cache clearing inconsistent between file:// paths and plain paths). (Jakub Zelenka)

Streams:

• Fixed bug GH-17650 (realloc with size 0 in user_filters.c). (nielsdos)
• Fix memory leak on overflow in _php_stream_scandir(). (nielsdos)
• Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736) (Jakub Zelenka)
• Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka)
• Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734) (Jakub Zelenka)
• Fixed GHSA-v8xr-gpvj-cx9g (Header parser of http stream wrapper does not handle folded headers). (CVE-2025-1217) (Jakub Zelenka)

Zlib:

• Fixed bug GH-17745 (zlib extension incorrectly handles object arguments). (nielsdos)
• Fix memory leak when encoding check fails. (nielsdos)
• Fix zlib support for large files. (nielsdos)