Fedora has released a series of critical security updates for its Fedora 41 and 42 distributions, addressing vulnerabilities in several key packages including Chromium, CEF (Chromium Embedded Framework), UDisks2, ROCM-RPP (ROCm Performance Primitives), and Docker Buildx. The updates rectify various security issues such as type confusion in V8, use-after-free vulnerabilities in ANGLE and Extensions, out-of-bounds reads in UDisks Daemon, and information leaks in go-viper.
- CEF: The latest version is 139.0.26, which addresses multiple CVEs, including type confusion and use-after-free vulnerabilities, ensuring better security for embedded Chromium applications.
- Chromium: The update to version 139.0.7258.154 for Fedora 41 resolves a use-after-free vulnerability in ANGLE, further securing the web browser.
- UDisks2: Version 2.10.91 fixes an out-of-bounds read vulnerability, improving disk management capabilities.
- Docker Buildx: Updated to version 0.27.0, this release includes various new features and fixes, addressing an information leak related to the go-viper library.
Updates Overview
- ROCM-RPP: Updated to version 6.3.1-3.fc42, removing a prebuilt library to enhance performance for computer vision applications on AMD processors.- CEF: The latest version is 139.0.26, which addresses multiple CVEs, including type confusion and use-after-free vulnerabilities, ensuring better security for embedded Chromium applications.
- Chromium: The update to version 139.0.7258.154 for Fedora 41 resolves a use-after-free vulnerability in ANGLE, further securing the web browser.
- UDisks2: Version 2.10.91 fixes an out-of-bounds read vulnerability, improving disk management capabilities.
- Docker Buildx: Updated to version 0.27.0, this release includes various new features and fixes, addressing an information leak related to the go-viper library.
Installation Instructions
Users can install these updates through the command line using the DNF package manager. For example, to update ROCM-RPP, the following command can be executed:bashsu -c 'dnf upgrade --advisory FEDORA-2025-ca3edc5c88'More detailed instructions for using DNF can be found in the official documentation.
Security Implications
These updates are crucial for maintaining system integrity and security. Regular updates help protect against potential exploits that could compromise user data or system functionality. Users are encouraged to keep their systems updated to benefit from these critical patches.Conclusion
Fedora's commitment to security is evident in these updates, which not only address immediate vulnerabilities but also enhance the functionality and reliability of the affected software. It is recommended that users regularly check for updates and apply them promptly to ensure their systems remain secure and efficientChromium, CEF, UDisks2, ROCM-RPP, Docker Buildx updates for Fedora
Fedora has issued multiple security updates for its Fedora 41 and 42 distributions. The updates encompass fixes for vulnerabilities in packages including Chromium, CEF, UDisks2, ROCM-RPP, and Docker Buildx. These address concerns such as type confusion in V8, use-after-free in ANGLE, out-of-bounds read in UDisks Daemon, and information leak in go-viper.
Fedora 42 Update: rocm-rpp-6.3.1-3.fc42
Fedora 42 Update: cef-139.0.26^chromium139.0.7258.127-1.fc42
Fedora 41 Update: chromium-139.0.7258.154-1.fc41
Fedora 42 Update: udisks2-2.10.91-1.fc42
Fedora 42 Update: docker-buildx-0.27.0-1.fc42Chromium, CEF, UDisks2, ROCM-RPP, Docker Buildx updates for Fedora @ Linux Compatible
