Chromium, Xen, Linux Firmware, VIM updates for Fedora

Fedora Linux 8890 Published 15 hours ago by Philipp Esselbach

News

Fedora Linux has been updated with various security enhancements, which include chromium-134.0.6998.88-1.fc40, xen-4.18.4-2.fc40, linux-firmware-20250311-1.fc41, chromium-134.0.6998.88-1.fc41, and vim-9.1.1202-1.fc41:

Fedora 40 Update: chromium-134.0.6998.88-1.fc40
Fedora 40 Update: xen-4.18.4-2.fc40
Fedora 41 Update: linux-firmware-20250311-1.fc41
Fedora 41 Update: chromium-134.0.6998.88-1.fc41
Fedora 41 Update: vim-9.1.1202-1.fc41

[SECURITY] Fedora 40 Update: chromium-134.0.6998.88-1.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-8fdc09e745
2025-03-15 02:51:38.282176+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 40
Version : 134.0.6998.88
Release : 1.fc40
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 134.0.6998.88
High CVE-2025-1920: Type Confusion in V8
High CVE-2025-2135: Type Confusion in V8
Medium CVE-2025-2136: Use after free in Inspector
Medium CVE-2025-2137: Out of bounds read in V8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 11 2025 Than Ngo [than@redhat.com] - 134.0.6998.88 -1
- Update to 134.0.6998.88
* High CVE-2025-1920: Type Confusion in V8
* High CVE-2025-2135: Type Confusion in V8
* High CVE-TBD: Out of bounds write in GPU
* Medium CVE-2025-2136: Use after free in Inspector
* Medium CVE-2025-2137: Out of bounds read in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2351263 - CVE-2025-1920 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2351263
[ 2 ] Bug #2351264 - CVE-2025-1920 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2351264
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-8fdc09e745' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 40 Update: xen-4.18.4-2.fc40

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-20bd6d94b9
2025-03-15 02:51:38.282041+00:00
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 40
Version : 4.18.4
Release : 2.fc40
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

deadlock potential with VT-d and legacy PCI device pass-through
[XSA-467, CVE-2025-1713]
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 27 2025 Michael Young [m.a.young@durham.ac.uk] - 4.18.4-2
- deadlock potential with VT-d and legacy PCI device pass-through
[XSA-467, CVE-2025-1713]
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-20bd6d94b9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: linux-firmware-20250311-1.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7f56eb37a0
2025-03-15 02:23:06.786553+00:00
--------------------------------------------------------------------------------

Name : linux-firmware
Product : Fedora 41
Version : 20250311
Release : 1.fc41
URL : http://www.kernel.org/
Summary : Firmware files used by the Linux kernel
Description :
This package includes firmware files required for some devices to
operate.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 20250311:
amdgpu: many firmware updates
qcom: Update gpu firmwares for qcs8300 chipset
add firmware for qat_420xx devices
amdgpu: DMCUB updates for various ASICs
i915: Update Xe3LPD DMC to v2.20
update firmware for MT7920/MT7925 WiFi device
mediatek MT7920/MT7925 bluetooth firmware update
Update firmware file for Intel BlazarI/BlazarU core
intel_vpu: Add firmware for 37xx and 40xx NPUs
QCA: Add Bluetooth firmwares for QCA2066 with USB transport
QCA: Add two bluetooth firmware nvm files for QCA2066
QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00653
QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00653
cirrus: cs35l41: Add firmware and tuning for ASUS Commercial/Consumer laptops
ASoC: tas2781: Update dsp firmware for Gemtree project
xe: Update GUC to v70.40.2 for BMG, LNL
cirrus: cs35l41: Add firmware and tunings for CS35L41 driver for Steam Deck
ath11k: QCN9074 hw1.0: update to WLAN.HK.2.9.0.1-02175-QCAHKSWPL_SILICONZ-2
ath11k: QCA6698AQ hw2.1: update to
WLAN.HSP.1.1-04604-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1
ath11k: QCA6698AQ hw2.1: update board-2.bin
rtw89: 8852bt: update fw to v0.29.122.0 and BB parameter to 07
Update AMD SEV firmware
qca: update WCN3988 firmware
amdgpu: Update ISP FW for isp v4.1.1
qcom: add firmware for Adreno A225
cirrus: cs35l56: Add / update firmware for Cirrus CS35L56 for
ASUS/Dell/HP/Lenovo laptops
update firmware for en8811h 2.5G ethernet phy
ASoC: tas2781: Change regbin firmwares for single device
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 11 2025 Peter Robinson [pbrobinson@fedoraproject.org] - 20250311-1
- Update to 20250311
- amdgpu: many firmware updates
- qcom: Update gpu firmwares for qcs8300 chipset
- add firmware for qat_420xx devices
- amdgpu: DMCUB updates for various ASICs
- i915: Update Xe3LPD DMC to v2.20
- update firmware for MT7920/MT7925 WiFi device
- mediatek MT7920/MT7925 bluetooth firmware update
- Update firmware file for Intel BlazarI/BlazarU core
- intel_vpu: Add firmware for 37xx and 40xx NPUs
- QCA: Add Bluetooth firmwares for QCA2066 with USB transport
- QCA: Add two bluetooth firmware nvm files for QCA2066
- QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00653
- QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00653
- cirrus: cs35l41: Add firmware and tuning for ASUS Commercial/Consumer laptops
- ASoC: tas2781: Update dsp firmware for Gemtree project
- xe: Update GUC to v70.40.2 for BMG, LNL
- cirrus: cs35l41: Add firmware and tunings for CS35L41 driver for Steam Deck
- ath11k: QCN9074 hw1.0: update to WLAN.HK.2.9.0.1-02175-QCAHKSWPL_SILICONZ-2
- ath11k: QCA6698AQ hw2.1: update to WLAN.HSP.1.1-04604-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1
- ath11k: QCA6698AQ hw2.1: update board-2.bin
- rtw89: 8852bt: update fw to v0.29.122.0 and BB parameter to 07
- Update AMD SEV firmware
- qca: update WCN3988 firmware
- amdgpu: Update ISP FW for isp v4.1.1
- qcom: add firmware for Adreno A225
- cirrus: cs35l56: Add / update firmware for Cirrus CS35L56 for ASUS/Dell/HP/Lenovo laptops
- update firmware for en8811h 2.5G ethernet phy
- ASoC: tas2781: Change regbin firmwares for single device
* Tue Feb 11 2025 Peter Robinson [pbrobinson@fedoraproject.org] - 20250211-1
- Update to 20250211
- i915: Update Xe2LPD DMC to v2.28
- ASoC: tas2781: Add regbin firmware by index for single device
- rtl_bt: Update RTL8852B BT USB FW to 0x0474_842D
- iwlwifi: add Bz/gl/ty/So/Ma FW for core93-123 release
- iwlwifi: update cc/Qu/QuZ firmwares for core93-82 release
- ASoC: tas2781: Add dsp firmware for new projects
- amdgpu: DMCUB update for DCN401
- ath12k: WCN7850 hw2.0: update board-2.bin
- ath12k: QCN9274 hw2.0: update to WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1
- ath12k: QCN9274 hw2.0: update board-2.bin
- ath11k: WCN6750 hw1.0: update board-2.bin
- ath11k: QCN9074 hw1.0: update to WLAN.HK.2.9.0.1-02146-QCAHKSWPL_SILICONZ-1
- ath11k: QCA6698AQ hw2.1: add to WLAN.HSP.1.1-04479-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1
- ath11k: QCA6698AQ hw2.1: add board-2.bin
- ath11k: QCA6390 hw2.0: update board-2.bin
- ath11k: QCA2066 hw2.1: update to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6
- ath11k: QCA2066 hw2.1: update board-2.bin
- ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.9.0.1-02146-QCAHKSWPL_SILICONZ-1
- ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.7.0.1-02409-QCAHKSWPL_SILICONZ-1
- ath11k: add device-specific firmware for QCM6490 boards
- qca: add more WCN3950 1.3 NVM files
- qca: add firmware for WCN3950 chips
- qca: move QCA6390 firmware to separate section
- qca: restore licence information for WCN399x firmware
- qca: Update Bluetooth WCN6750 1.1.0-00476 firmware to 1.1.3-00069
- qcom:x1e80100: Support for Lenovo T14s G6 Qualcomm platform
- Update FW files for MRVL SD8997 chips
- i915: Update Xe2LPD DMC to v2.27
- qca: Update Bluetooth WCN6856 firmware 2.1.0-00642 to 2.1.0-00650
- rtl_bt: Update RTL8852B BT USB FW to 0x049B_5037
- amdgpu: Update ISP FW for isp v4.1.1
- QCA: Add Bluetooth firmware for QCA6698
- amlogic: update firmware for w265s2
- mediatek MT7925: update bluetooth firmware to 20250113153307
- update firmware for MT7925 WiFi device
- amdgpu: LOTS of firmware updates
- qcom: update SLPI firmware for RB5 board
- amdgpu: DMCUB updates for various AMDGPU ASICs
- qcom: add DSP firmware for SA8775p platform
- qcom: correct venus firmware versions
- qcom: add missing version information
- Update firmware (v10) for mt7988 internal
- iwlwifi: add Bz FW for core90-93 release
- wilc3000: add firmware for WILC3000 WiFi device
- rtw89: 8852b: update fw to v0.29.29.8
- rtw89: 8852c: update fw to v0.27.122.0
- rtw89: 8922a: update fw to v0.35.54.0
- rtw89: 8852bt: update fw to v0.29.110.0
- rtw89: 8852b: update fw to v0.29.29.7
- cirrus: cs35l56: Correct some links to address the correct amp instance
- Update firmware file for Intel Bluetooth Magnetar/BlazarU/Solar core
* Fri Jan 10 2025 Peter Robinson [pbrobinson@fedoraproject.org] - 20250109-1
- Update to 20250109
- cirrus: cs35l41: Add Firmware for Ayaneo system 1f660105
- rtl_bt: Add separate config for RLT8723CS Bluetooth part
- amdgpu: revert some firmwares
- WHENCE: Link the Raspberry Pi CM5 and 500 to the 4B
- Add support to install files/symlinks in parallel.
- rtl_bt: Update RTL8852B BT USB FW to 0x04BE_1F5E
- cnm: update chips&media wave521c firmware.
- rtl_nic: add firmware rtl8125bp-2
- qcom: venus-5.4: update firmware binary for sc7180 and qcs615
- cirrus: cs35l56: Correct filenames of SSID 17aa3832
- cirrus: cs35l56: Add and update firmware for various Cirrus CS35L54/CS35L56 laptops
- cirrus: cs35l56: Correct SSID order for 103c8d01 103c8d08 10431f43
- rtl_nic: add firmware rtl8125d-2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2332762 - CVE-2024-21978 linux-firmware: hw:amd: Improper input validation in SEV-SNP [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332762
[ 2 ] Bug #2332763 - CVE-2024-21978 linux-firmware: hw:amd: Improper input validation in SEV-SNP [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332763
[ 3 ] Bug #2332764 - CVE-2023-31355 linux-firmware: hw:amd: Improper Restriction of Write Operations in SNP Firmware [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2332764
[ 4 ] Bug #2332765 - CVE-2023-31355 linux-firmware: hw:amd: Improper Restriction of Write Operations in SNP Firmware [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2332765
[ 5 ] Bug #2337005 - Updated Cirrus firmware files for some Lenovo LNL platforms
https://bugzilla.redhat.com/show_bug.cgi?id=2337005
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7f56eb37a0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: chromium-134.0.6998.88-1.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d5935f40af
2025-03-15 02:23:06.786547+00:00
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 41
Version : 134.0.6998.88
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 134.0.6998.88
High CVE-2025-1920: Type Confusion in V8
High CVE-2025-2135: Type Confusion in V8
Medium CVE-2025-2136: Use after free in Inspector
Medium CVE-2025-2137: Out of bounds read in V8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 11 2025 Than Ngo [than@redhat.com] - 134.0.6998.88 -1
- Update to 134.0.6998.88
* High CVE-2025-1920: Type Confusion in V8
* High CVE-2025-2135: Type Confusion in V8
* High CVE-TBD: Out of bounds write in GPU
* Medium CVE-2025-2136: Use after free in Inspector
* Medium CVE-2025-2137: Out of bounds read in V8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2351263 - CVE-2025-1920 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2351263
[ 2 ] Bug #2351264 - CVE-2025-1920 chromium: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2351264
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d5935f40af' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

[SECURITY] Fedora 41 Update: vim-9.1.1202-1.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7b21a14892
2025-03-16 02:26:46.309007+00:00
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 41
Version : 9.1.1202
Release : 1.fc41
URL : http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

patchlevel 1202
Security fix for CVE-2025-29768
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 14 2025 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.1.1202-1
- patchlevel 1202
* Fri Mar 7 2025 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.1.1179-1
- patchlevel 1179
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2352418 - CVE-2025-29768 vim: Vim vulnerable to potential data loss with zip.vim and special crafted zip files
https://bugzilla.redhat.com/show_bug.cgi?id=2352418
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7b21a14892' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

PHP 8.4.5, 8.3.19, 8.2.28, and 8.1.32 packages for Debian 11 LTS and 12

Freetype update for Slackware

Chromium, Xen, Linux Firmware, VIM updates for Fedora

[SECURITY] Fedora 40 Update: chromium-134.0.6998.88-1.fc40

[SECURITY] Fedora 40 Update: xen-4.18.4-2.fc40

[SECURITY] Fedora 41 Update: linux-firmware-20250311-1.fc41

[SECURITY] Fedora 41 Update: chromium-134.0.6998.88-1.fc41

[SECURITY] Fedora 41 Update: vim-9.1.1202-1.fc41

Windows

Linux

macOS

Community