In Fedora 41, the curl package has been updated to version 8.9.1-4.fc41, addressing an out-of-bounds read vulnerability associated with cookie paths (CVE-2025-9086). Additionally, the checkpointctl package received an update (version 1.4.0-3.fc41) as part of a routine rebuild.
Moving on to Fedora 42, significant updates include the Chromium browser, now at version 140.0.7339.185-1.fc42, which fixes multiple security issues such as type confusion in V8 and use-after-free vulnerabilities in Dawn and WebRTC. The checkpointctl package also received an update to version 1.4.0-3.fc42, similarly aimed at a memory leak in the xz library (CVE-2025-58058).
For Fedora 43 Beta, the checkpointctl package has been updated to version 1.4.0-3.fc43, alongside the perl-Catalyst-Authentication-Credential-HTTP module, now at version 1.019-1.fc43. This update resolves a nonce generation issue in the HTTP authentication module (CVE-2025-40920).
Users can install these updates using the "dnf" package manager, and all packages are secured with the Fedora Project GPG key to ensure integrity.
Extended Information:
These updates are crucial for maintaining the security posture of Fedora systems, as vulnerabilities can lead to data breaches or critical failures in applications. Users are encouraged to regularly check for updates and apply them promptly. Additionally, the community can contribute by reporting vulnerabilities and suggesting improvements through Fedora's bug tracking system.The Fedora Project remains committed to open-source standards and regularly provides updates not only for security vulnerabilities but also for performance enhancements and new features. As the operating system evolves, users should stay informed about the best practices for system security, including regular backups and proactive monitoring of system logs for any unusual activities
Curl, CheckpointCTL, Chromium, perl-Catalyst-Authentication-Credential updates for Fedora
Fedora 41 has received updates for the curl package (version 8.9.1-4.fc41), which fixes an out-of-bounds read issue for cookie paths (CVE-2025-9086). Fedora 42 has received updates for the Chromium browser (version 140.0.7339.185-1.fc42) and the checkpointctl package (version 1.4.0-3.fc42), which fixes several security vulnerabilities, including a memory leak in the xz library (CVE-2025-58058). Fedora 43 Beta has received updates for the checkpointctl package (version 1.4.0-3.fc43) and the perl-Catalyst-Authentication-Credential-HTTP module (version 1.019-1.fc43), which fixes several security vulnerabilities, including a nonce generation issue in the HTTP authentication module (CVE-2025-40920).
Fedora 41 Update: curl-8.9.1-4.fc41
Fedora 41 Update: checkpointctl-1.4.0-3.fc41
Fedora 42 Update: chromium-140.0.7339.185-1.fc42
Fedora 42 Update: checkpointctl-1.4.0-3.fc42
Fedora 43 Update: checkpointctl-1.4.0-3.fc43
Fedora 43 Update: perl-Catalyst-Authentication-Credential-HTTP-1.019-1.fc43
