The following Fedora EPEL 9 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ff88bfea14
exim-4.98.2-1.el9
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-03946aa814
yarnpkg-1.22.22-7.el9
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0aeac9995d
upx-5.0.0-1.el9
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-3ea9a27f9b
perl-Data-Entropy-0.008-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-80a466f7f5
zabbix7.0-7.0.11-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
chromium-135.0.7049.52-2.el9
koji-image-builder-3-1.el9
rust-b3sum-1.8.1-1.el9
rust-blake3-1.8.1-1.el9
Details about builds:
================================================================================
chromium-135.0.7049.52-2.el9 (FEDORA-EPEL-2025-eb7e3d90f5)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 135.0.7049.52
High CVE-2025-3066: Use after free in Navigations
Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs
Medium CVE-2025-3068: Inappropriate implementation in Intents
Medium CVE-2025-3069: Inappropriate implementation in Extensions
Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions
Low CVE-2025-3071: Inappropriate implementation in Navigations
Low CVE-2025-3072: Inappropriate implementation in Custom Tabs
Low CVE-2025-3073: Inappropriate implementation in Autofill
Low CVE-2025-3074: Inappropriate implementation in Downloads
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 2 2025 Jan Grulich <[email protected]> - 135.0.7049.52-2
- Add CFI suppressions for inline PipeWire functions
* Tue Apr 1 2025 Than Ngo <[email protected]> - 135.0.7049.52-1
- Update to 135.0.7049.52
* Fri Mar 28 2025 Than Ngo <[email protected]> - 135.0.7049.41-1
- Update to 135.0.7049.41
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2356787 - CVE-2025-3066 chromium: Use after free in Navigations
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356787
[ 2 ] Bug #2356788 - CVE-2025-3066 chromium: Use after free in Navigations
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356788
[ 3 ] Bug #2356789 - CVE-2025-3068 chromium: Inappropriate implementation in
Intents [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356789
[ 4 ] Bug #2356790 - CVE-2025-3068 chromium: Inappropriate implementation in
Intents [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356790
[ 5 ] Bug #2356792 - CVE-2025-3072 chromium: Inappropriate implementation in
Custom Tabs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356792
[ 6 ] Bug #2356793 - CVE-2025-3072 chromium: Inappropriate implementation in
Custom Tabs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356793
[ 7 ] Bug #2356794 - CVE-2025-3073 chromium: Inappropriate implementation in
Autofill [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356794
[ 8 ] Bug #2356795 - CVE-2025-3073 chromium: Inappropriate implementation in
Autofill [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356795
[ 9 ] Bug #2356796 - CVE-2025-3070 chromium: Insufficient validation of
untrusted input in Extensions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356796
[ 10 ] Bug #2356797 - CVE-2025-3070 chromium: Insufficient validation of
untrusted input in Extensions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356797
[ 11 ] Bug #2356798 - CVE-2025-3069 chromium: Inappropriate implementation in
Extensions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356798
[ 12 ] Bug #2356799 - CVE-2025-3069 chromium: Inappropriate implementation in
Extensions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356799
[ 13 ] Bug #2356800 - CVE-2025-3071 chromium: Inappropriate implementation in
Navigations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356800
[ 14 ] Bug #2356801 - CVE-2025-3071 chromium: Inappropriate implementation in
Navigations [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2356801
--------------------------------------------------------------------------------
================================================================================
koji-image-builder-3-1.el9 (FEDORA-EPEL-2025-9a8573433f)
Koji integration plugins for image-builder
--------------------------------------------------------------------------------
Update Information:
Automatic update for koji-image-builder-3-1.el9.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 3 2025 Packit <[email protected]> - 3-1
Changes with 3
----------------
â Somewhere on the Internet, 2025-04-03
* Mon Mar 17 2025 Simon de Vlieger <[email protected]> - 1-1
- On this day, this project was born.
--------------------------------------------------------------------------------
================================================================================
rust-b3sum-1.8.1-1.el9 (FEDORA-EPEL-2025-c6457ac09c)
Command line implementation of the BLAKE3 hash function
--------------------------------------------------------------------------------
Update Information:
As of b3sum 1.7.0, added b3sum --tag, which changes the output format. This is
for compatibility with GNU checksum tools (which use the same flag) and BSD
checksum tools (which use the output format this flag turns on).
The blake3 crate now provides the blake3::hazmat module, which replaces the
undocumented and now deprecated blake3::guts module.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 3 2025 Benjamin A. Beasley <[email protected]> - 1.8.1-1
- Update to 1.8.1 (close RHBZ#2353226)
* Thu Apr 3 2025 Benjamin A. Beasley <[email protected]> - 1.7.0-1
- Update to 1.7.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2353226 - rust-b3sum-1.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2353226
[ 2 ] Bug #2353227 - rust-blake3-1.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2353227
--------------------------------------------------------------------------------
================================================================================
rust-blake3-1.8.1-1.el9 (FEDORA-EPEL-2025-c6457ac09c)
BLAKE3 hash function
--------------------------------------------------------------------------------
Update Information:
As of b3sum 1.7.0, added b3sum --tag, which changes the output format. This is
for compatibility with GNU checksum tools (which use the same flag) and BSD
checksum tools (which use the output format this flag turns on).
The blake3 crate now provides the blake3::hazmat module, which replaces the
undocumented and now deprecated blake3::guts module.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 3 2025 Benjamin A. Beasley <[email protected]> - 1.8.1-1
- Update to version 1.8.1; fixes RHBZ#2353227
* Thu Apr 3 2025 Benjamin A. Beasley <[email protected]> - 1.7.0-1
- Update to version 1.7.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2353226 - rust-b3sum-1.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2353226
[ 2 ] Bug #2353227 - rust-blake3-1.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2353227
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
