Fedora 40 Update: vim-9.1.1122-1.fc40
Fedora 40 Update: openssh-9.6p1-2.fc40
Fedora 41 Update: chromium-133.0.6943.126-1.fc41
[SECURITY] Fedora 40 Update: vim-9.1.1122-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3e178bb819
2025-02-24 01:25:12.732958+00:00
--------------------------------------------------------------------------------
Name : vim
Product : Fedora 40
Version : 9.1.1122
Release : 1.fc40
URL : http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.
--------------------------------------------------------------------------------
Update Information:
The newest upstream commit
Security fix for CVE-2025-26603
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 19 2025 Zdenek Dohnal [zdohnal@redhat.com] - 2:9.1.1122-1
- patchlevel 1122
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2346610 - CVE-2025-26603 vim: heap-use-after-free in function str_to_reg in vim/vim [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2346610
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3e178bb819' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: openssh-9.6p1-2.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-62f6cb2785
2025-02-24 01:25:12.732945+00:00
--------------------------------------------------------------------------------
Name : openssh
Product : Fedora 40
Version : 9.6p1
Release : 2.fc40
URL : http://www.openssh.com/portable.html
Summary : An open source implementation of SSH protocol version 2
Description :
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
--------------------------------------------------------------------------------
Update Information:
Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465, CVE-2025-26466).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 18 2025 Dmitry Belyavskiy [dbelyavs@redhat.com] - 9.6p1-2
- Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465, CVE-2025-26466).
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-62f6cb2785' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: chromium-133.0.6943.126-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-acbfdd26a1
2025-02-24 01:20:35.562450+00:00
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora 41
Version : 133.0.6943.126
Release : 1.fc41
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
Update to 133.0.6943.126
CVE-2025-0999: Heap buffer overflow in V8
CVE-2025-1426: Heap buffer overflow in GPU
CVE-2025-1006: Use after free in Network
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 19 2025 Than Ngo [than@redhat.com] - 133.0.6943.126-1
- Update to 133.0.6943.126
* CVE-2025-0999: Heap buffer overflow in V8
* CVE-2025-1426: Heap buffer overflow in GPU
* CVE-2025-1006: Use after free in Network
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2346759 - CVE-2025-0999 chromium: From CVEorg collector [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2346759
[ 2 ] Bug #2346761 - CVE-2025-1426 chromium: From CVEorg collector [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2346761
[ 3 ] Bug #2346763 - CVE-2025-1006 chromium: From CVEorg collector [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2346763
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-acbfdd26a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
