1. Expat: The XML parser library has been updated to version 2.7.2, featuring bug fixes and a rebase. Notably, this update resolves issues related to CVE-2025-59375.
2. LibSSH: This SSH protocol implementation library has been upgraded to version 0.11.3, which fixes two significant security weaknesses: CVE-2025-8114 (a NULL pointer dereference) and CVE-2025-8277 (memory leak during key exchange).
3. WebkitGTK: The GTK web content engine library has been updated to version 2.50.0. This update includes enhancements for rendering performance and addresses four vulnerabilities: CVE-2025-43272, CVE-2025-43342, CVE-2025-43356, and CVE-2025-43368.
4. Chromium: The web browser has been updated to version 140.0.7339.185 to tackle several critical security issues, including type confusion in V8 (CVE-2025-10585), use-after-free vulnerabilities in Dawn and WebRTC (CVE-2025-10500 and CVE-2025-10501), and a heap buffer overflow in ANGLE (CVE-2025-10502).
Each of these updates can be installed using the dnf update utility, ensuring that users maintain a secure and stable system. The updates highlight Fedora's commitment to security and timely software maintenance, encouraging users to regularly check for updates to safeguard their systems against emerging threats.
In addition to these updates, users are encouraged to stay informed about new vulnerabilities and patches beyond the current updates. This can help ensure a proactive approach to system security, which is vital in today's rapidly evolving digital landscape. Regularly monitoring security advisories from Fedora and other relevant sources can further enhance the security posture of Fedora users
Expat, LibSSH, WebkitGTK, Chromium updates for Fedora
Fedora has released updates for several packages to address security vulnerabilities. The expat package, an XML parser library, has been updated to version 2.7.2 with a rebase and bug fixes. The libssh package, a library implementing the SSH protocol, has also been updated to fix two security weaknesses (CVE-2025-8114 and CVE-2025-8277). Additionally, updates have been released for webkitgtk, which fixed four security vulnerabilities (CVE-2025-43272, CVE-2025-43342, CVE-2025-43356, and CVE-2025-43368), and chromium, a WebKit-powered web browser, to address several security issues.
Fedora 41 Update: expat-2.7.2-1.fc41
Fedora 41 Update: libssh-0.11.3-1.fc41
Fedora 42 Update: webkitgtk-2.50.0-1.fc42
Fedora 43 Update: chromium-140.0.7339.185-1.fc43Expat, LibSSH, WebkitGTK, Chromium updates for Fedora @ Linux Compatible
