Fedora 41 Update: chromium-134.0.6998.117-1.fc41
Fedora 41 Update: golang-github-openprinting-ipp-usb-0.9.30-1.fc41
Fedora 41 Update: OpenIPMI-2.0.36-1.fc41
Fedora 40 Update: python-jinja2-3.1.6-1.fc40
Fedora 42 Update: chromium-134.0.6998.117-1.fc42
[SECURITY] Fedora 41 Update: chromium-134.0.6998.117-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1afc565e2b
2025-03-25 01:22:46.359327+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 41
Version : 134.0.6998.117
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 20 2025 Than Ngo [than@redhat.com] - 134.0.6998.117-1
- Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
* Mon Mar 17 2025 Than Ngo [than@redhat.com] - 134.0.6998.88-4
- Fixed rhbz#2352698, rebuild for noopenh264 2.6.0
* Fri Mar 14 2025 Than Ngo [than@redhat.com] - 134.0.6998.88-3
- Fixed build errors on ppc64le
* Thu Mar 13 2025 Fabio Valentini [decathorpe@gmail.com] - 134.0.6998.88-2
- Rebuild for noopenh264 2.6.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2353461 - CVE-2025-2476 chromium: Use after free in Lens [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2353461
[ 2 ] Bug #2353462 - CVE-2025-2476 chromium: Use after free in Lens [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2353462
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1afc565e2b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: golang-github-openprinting-ipp-usb-0.9.30-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-73800111e8
2025-03-25 01:22:46.359314+00:00
--------------------------------------------------------------------------------
Name : golang-github-openprinting-ipp-usb
Product : Fedora 41
Version : 0.9.30
Release : 1.fc41
URL : https://github.com/OpenPrinting/ipp-usb
Summary : HTTP reverse proxy, backed by IPP-over-USB connection to device
Description :
HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables
driverless support for USB devices capable of using IPP-over-USB protocol.
--------------------------------------------------------------------------------
Update Information:
0.9.30, rebuild due golang CVE-2025-22870
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2025 Zdenek Dohnal [zdohnal@redhat.com] - 0.9.30-1
- 0.9.30 (fedora#2353036)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2351766 - CVE-2025-22870 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
https://bugzilla.redhat.com/show_bug.cgi?id=2351766
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-73800111e8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: OpenIPMI-2.0.36-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ae55d50be2
2025-03-25 01:22:46.359260+00:00
--------------------------------------------------------------------------------
Name : OpenIPMI
Product : Fedora 41
Version : 2.0.36
Release : 1.fc41
URL : https://sourceforge.net/projects/openipmi/
Summary : IPMI (Intelligent Platform Management Interface) library and tools
Description :
The Open IPMI project aims to develop an open code base to allow access to
platform information using Intelligent Platform Management Interface (IPMI).
This package contains the tools of the OpenIPMI project.
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.36
Fixes CVE-2024-42934
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 22 2024 Fedora Release Monitoring - 2.0.36-1
- Update to 2.0.36 (#2302353)
- Resolves CVE-2024-42934
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2308383 - CVE-2024-42934 OpenIPMI: missing check on the authorization type on incoming LAN messages in IPMI simulator [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2308383
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ae55d50be2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: python-jinja2-3.1.6-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8b6aa24ab4
2025-03-25 00:57:48.852448+00:00
--------------------------------------------------------------------------------
Name : python-jinja2
Product : Fedora 40
Version : 3.1.6
Release : 1.fc40
URL : https://palletsprojects.com/p/jinja/
Summary : General purpose template engine
Description :
Jinja2 is a template engine written in pure Python. It provides a
Django inspired non-XML syntax but supports inline expressions and an
optional sandboxed environment.
If you have any exposure to other text-based template languages, such
as Smarty or Django, you should feel right at home with Jinja2. It's
both designer and developer friendly by sticking to Python's
principles and adding functionality useful for templating
environments.
--------------------------------------------------------------------------------
Update Information:
Version 3.1.6
Released 2025-03-05
The |attr filter does not bypass the environment's attribute lookup, allowing
the sandbox to apply its checks.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 9 2025 Thomas Moschny [thomas.moschny@gmx.de] - 3.1.6-1
- Update to 3.1.6.
* Sat Jan 18 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.1.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2350190 - CVE-2025-27516 jinja2: Jinja sandbox breakout through attr filter selecting format method
https://bugzilla.redhat.com/show_bug.cgi?id=2350190
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8b6aa24ab4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: chromium-134.0.6998.117-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3ccee236a3
2025-03-25 00:15:18.796926+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 42
Version : 134.0.6998.117
Release : 1.fc42
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 20 2025 Than Ngo [than@redhat.com] - 134.0.6998.117-1
- Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
* Mon Mar 17 2025 Than Ngo [than@redhat.com] - 134.0.6998.88-4
- Fixed rhbz#2352698, rebuild for noopenh264 2.6.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2353461 - CVE-2025-2476 chromium: Use after free in Lens [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2353461
[ 2 ] Bug #2353462 - CVE-2025-2476 chromium: Use after free in Lens [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2353462
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3ccee236a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
