Fedora Security Updates

FEDORA-2025-be0c6f25ce Packages in this update: mod_auth_openidc-2.4.17.2-1.fc41 Update description: Rebase to new version resolves CVE-2025-31492

FEDORA-2025-e689575030 Packages in this update: firefox-142.0-1.fc42 Update description: Updated to new upstream release (142.0)

FEDORA-2025-76c7ca6b1b Packages in this update: firefox-142.0-1.fc41 Update description: Updated to new upstream release (142.0)

FEDORA-2025-47e73aaaea Packages in this update: libarchive-3.8.1-1.fc42 Update description: Rebase due to a lot of CVE fixes

FEDORA-2025-6c7178c159 Packages in this update: keylime-agent-rust-0.2.8-1.fc42 Update description: Update to upstream version 0.2.8 Update idna dependency to a version not affected by CVE-2024-12224

FEDORA-EPEL-2025-e389498ad5 Packages in this update: botan2-2.19.5-2.el9 Update description: fix vulnerability CVE-2024-50382 and CVE-2024-50383

FEDORA-2025-62fe746ed0 Packages in this update: python3.13-3.13.7-1.fc41 python3-docs-3.13.7-1.fc41 Update description: Python 3.13.7 is the seventh maintenance release of 3.13. 3.13.7 is an expedited release to fix a significant issue with the 3.13.6 release: gh-137583: Regression in ssl module between 3.13.5 and 3.13.6: reading from a TLS-encrypted connection blocks A few other bug fixes (which would otherwise have waited until the next release) are also included. 3.13.6 is the sixth maintenance release of 3.13, containing around 200 bugfixes, build improvements and documentation changes since 3.13.5. This update contains fix for https://www.cve.org/CVERecord?id=CVE-2025-8194

FEDORA-2025-0ea30a8042 Packages in this update: chromium-139.0.7258.127-1.fc41 Update description: Updated to 139.0.7258.127 * CVE-2025-8879: Heap buffer overflow in libaom * CVE-2025-8880: Race in V8 * CVE-2025-8901: Out of bounds write in ANGLE * CVE-2025-8881: Inappropriate implementation in File Picker * CVE-2025-8882: Use after free in Aura * Fix FTBFS with rust-1.89.0

FEDORA-EPEL-2025-77303504f8 Packages in this update: chromium-139.0.7258.127-1.el10_1 Update description: Updated to 139.0.7258.127 * CVE-2025-8879: Heap buffer overflow in libaom * CVE-2025-8880: Race in V8 * CVE-2025-8901: Out of bounds write in ANGLE * CVE-2025-8881: Inappropriate implementation in File Picker * CVE-2025-8882: Use after free in Aura * Fix FTBFS with rust-1.89.0

FEDORA-2025-502faa722e Packages in this update: chromium-139.0.7258.127-1.fc42 Update description: Updated to 139.0.7258.127 * CVE-2025-8879: Heap buffer overflow in libaom * CVE-2025-8880: Race in V8 * CVE-2025-8901: Out of bounds write in ANGLE * CVE-2025-8881: Inappropriate implementation in File Picker * CVE-2025-8882: Use after free in Aura * Fix FTBFS with rust-1.89.0

FEDORA-EPEL-2025-7f8d0718b0 Packages in this update: chromium-139.0.7258.127-1.el9 Update description: Updated to 139.0.7258.127 * CVE-2025-8879: Heap buffer overflow in libaom * CVE-2025-8880: Race in V8 * CVE-2025-8901: Out of bounds write in ANGLE * CVE-2025-8881: Inappropriate implementation in File Picker * CVE-2025-8882: Use after free in Aura * Fix FTBFS with rust-1.89.0

FEDORA-2025-8f9b0ca4c7 Packages in this update: kubernetes1.32-1.32.8-1.fc41 Update description: Update to release v1.32.7 Resolves: rhbz#2388412 Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference Upstream fixes

FEDORA-2025-a1ec5a674c Packages in this update: kubernetes1.31-1.31.12-1.fc41 Update description: Update to release v1.31.12 Resolves: rhbz#2388412 Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference Upstream fix

FEDORA-2025-d78e6ddfe3 Packages in this update: kubernetes1.31-1.31.12-1.fc42 Update description: Update to release v1.31.12 Resolves: rhbz#2388412 Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference Upstream fix

FEDORA-2025-9b52dfdae9 Packages in this update: kubernetes1.32-1.32.8-1.fc42 Update description: Update to release v1.32.7 Resolves: rhbz#2388412 Resolves: CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference Upstream fixes

FEDORA-2025-51e8d5ec56 Packages in this update: kubernetes1.33-1.33.4-1.fc41 Update description: Update to release v1.33.4 Resolves: rhbz#2388412 Fixes CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference Upstream fixes

FEDORA-2025-409ed32016 Packages in this update: kubernetes1.33-1.33.4-1.fc42 Update description: Update to release v1.33.4 Resolves: rhbz#2388412 Fixes CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference Upstream fixes

FEDORA-2025-b597c89f32 Packages in this update: glab-1.67.0-1.fc42 Update description: Update to 1.67.0 Update to 1.66.0

FEDORA-2025-41a6e9b04d Packages in this update: glab-1.67.0-1.fc41 Update description: Update to 1.67.0 Update to 1.66.0

FEDORA-2025-1e9ad724f8 Packages in this update: rust-slab-0.4.11-1.fc42 Update description: Update to version 0.4.11. This version includes a fix for CVE-2025-55159, but there are zero packages in Fedora or EPEL that use the affected API, so no rebuilds are necessary.