Aggregator

FEDORA-EPEL-2026-c0b39ff94f Packages in this update:

• chromium-148.0.7778.178-1.el10_3

Update description:

Update to 148.0.7778.178

• CVE-2026-9111: Use after free in WebRTC
• CVE-2026-9110: Inappropriate implementation in UI
• CVE-2026-9112: Use after free in GPU
• CVE-2026-9113: Out of bounds read in GPU
• CVE-2026-9114: Use after free in QUIC
• CVE-2026-9115: Insufficient policy enforcement in Service Worker
• CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
• CVE-2026-9117: Type Confusion in GFX
• CVE-2026-9118: Use after free in XR
• CVE-2026-9119: Heap buffer overflow in WebRTC
• CVE-2026-9120: Use after free in WebRTC
• CVE-2026-9126: Use after free in DOM
• CVE-2026-9121: Out of bounds read in GPU
• CVE-2026-9122: Out of bounds read in GPU
• CVE-2026-9123: Heap buffer overflow in Chromecast
• CVE-2026-9124: Insufficient validation of untrusted input in Input

FEDORA-2026-b17799ac62 Packages in this update:

• chromium-148.0.7778.178-1.fc43

Update description:

Update to 148.0.7778.178

• CVE-2026-9111: Use after free in WebRTC
• CVE-2026-9110: Inappropriate implementation in UI
• CVE-2026-9112: Use after free in GPU
• CVE-2026-9113: Out of bounds read in GPU
• CVE-2026-9114: Use after free in QUIC
• CVE-2026-9115: Insufficient policy enforcement in Service Worker
• CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
• CVE-2026-9117: Type Confusion in GFX
• CVE-2026-9118: Use after free in XR
• CVE-2026-9119: Heap buffer overflow in WebRTC
• CVE-2026-9120: Use after free in WebRTC
• CVE-2026-9126: Use after free in DOM
• CVE-2026-9121: Out of bounds read in GPU
• CVE-2026-9122: Out of bounds read in GPU
• CVE-2026-9123: Heap buffer overflow in Chromecast
• CVE-2026-9124: Insufficient validation of untrusted input in Input

Update to 148.0.7778.167

• CVE-2026-8509: Heap buffer overflow in WebML
• CVE-2026-8510: Integer overflow in Skia
• CVE-2026-8511: Use after free in UI
• CVE-2026-8512: Use after free in FileSystem
• CVE-2026-8513: Use after free in Input
• CVE-2026-8514: Use after free in Aura
• CVE-2026-8515: Use after free in HID
• CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
• CVE-2026-8517: Object lifecycle issue in WebShare
• CVE-2026-8518: Use after free in Blink
• CVE-2026-8519: Integer overflow in ANGLE
• CVE-2026-8520: Race in Payments
• CVE-2026-8521: Use after free in Tab Groups
• CVE-2026-8522: Use after free in Downloads
• CVE-2026-8523: Use after free in Mojo
• CVE-2026-8558: Out of bounds write in Fonts
• CVE-2026-8524: Out of bounds write in WebAudio
• CVE-2026-8525: Heap buffer overflow in ANGLE
• CVE-2026-8526: Out of bounds write in WebRTC
• CVE-2026-8527: Insufficient validation of untrusted input in Downloads
• CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
• CVE-2026-8529: Heap buffer overflow in Codecs
• CVE-2026-8530: Use after free in Network
• CVE-2026-8531: Heap buffer overflow in WebML
• CVE-2026-8532: Integer overflow in XML
• CVE-2026-8533: Use after free in Accessibility
• CVE-2026-8534: Integer overflow in GPU
• CVE-2026-8535: Out of bounds read in Media
• CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
• CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
• CVE-2026-8538: Insufficient validation of untrusted input in GPU
• CVE-2026-8539: Script injection in SanitizerAPI
• CVE-2026-8540: Type Confusion in V8
• CVE-2026-8541: Out of bounds read in UI
• CVE-2026-8542: Use after free in Core
• CVE-2026-8543: Out of bounds read in FileSystem
• CVE-2026-8544: Use after free in Media
• CVE-2026-8545: Object corruption in Compositing
• CVE-2026-8546: Out of bounds read in GPU
• CVE-2026-8547: Insufficient policy enforcement in Passwords
• CVE-2026-8548: Out of bounds write in Media
• CVE-2026-8549: Use after free in Media
• CVE-2026-8550: Use after free in Google Lens
• CVE-2026-8551: Use after free in Downloads
• CVE-2026-8552: Heap buffer overflow in GPU
• CVE-2026-8553: Use after free in GPU
• CVE-2026-8554: Type Confusion in ANGLE
• CVE-2026-8555: Use after free in GTK
• CVE-2026-8556: Inappropriate implementation in ANGLE
• CVE-2026-8557: Use after free in Accessibility
• CVE-2026-8559: Integer overflow in Internationalization
• CVE-2026-8560: Heap buffer overflow in SwiftShader
• CVE-2026-8561: Incorrect security UI in Fullscreen
• CVE-2026-8562: Side-channel information leakage in Navigation
• CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
• CVE-2026-8564: Incorrect security UI in Downloads
• CVE-2026-8565: Inappropriate implementation in Downloads
• CVE-2026-8566: Insufficient policy enforcement in Payments
• CVE-2026-8567: Integer overflow in ANGLE
• CVE-2026-8568: Insufficient policy enforcement in AI
• CVE-2026-8569: Out of bounds write in Codecs
• CVE-2026-8570: Type Confusion in V8
• CVE-2026-8571: Insufficient policy enforcement in GPU
• CVE-2026-8572: Insufficient policy enforcement in Network
• CVE-2026-8573: Integer overflow in Codecs
• CVE-2026-8574: Use after free in Core
• CVE-2026-8575: Use after free in UI
• CVE-2026-8576: Inappropriate implementation in CORS
• CVE-2026-8577: Integer overflow in Fonts
• CVE-2026-8578: Out of bounds read in GPU
• CVE-2026-8579: Insufficient validation of untrusted input in Skia
• CVE-2026-8580: Use after free in Mojo
• CVE-2026-8581: Use after free in GPU
• CVE-2026-8582: Object lifecycle issue in Dawn
• CVE-2026-8583: Insufficient policy enforcement in WebXR
• CVE-2026-8584: Inappropriate implementation in Views
• CVE-2026-8585: Inappropriate implementation in Media
• CVE-2026-8586: Inappropriate implementation in Chromoting
• CVE-2026-8587: Use after free in Extensions

FEDORA-2026-e4f5923bae Packages in this update:

• chromium-148.0.7778.178-1.fc42

Update description:

Update to 148.0.7778.178

• CVE-2026-9111: Use after free in WebRTC
• CVE-2026-9110: Inappropriate implementation in UI
• CVE-2026-9112: Use after free in GPU
• CVE-2026-9113: Out of bounds read in GPU
• CVE-2026-9114: Use after free in QUIC
• CVE-2026-9115: Insufficient policy enforcement in Service Worker
• CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
• CVE-2026-9117: Type Confusion in GFX
• CVE-2026-9118: Use after free in XR
• CVE-2026-9119: Heap buffer overflow in WebRTC
• CVE-2026-9120: Use after free in WebRTC
• CVE-2026-9126: Use after free in DOM
• CVE-2026-9121: Out of bounds read in GPU
• CVE-2026-9122: Out of bounds read in GPU
• CVE-2026-9123: Heap buffer overflow in Chromecast
• CVE-2026-9124: Insufficient validation of untrusted input in Input

Update to 148.0.7778.167

• CVE-2026-8509: Heap buffer overflow in WebML
• CVE-2026-8510: Integer overflow in Skia
• CVE-2026-8511: Use after free in UI
• CVE-2026-8512: Use after free in FileSystem
• CVE-2026-8513: Use after free in Input
• CVE-2026-8514: Use after free in Aura
• CVE-2026-8515: Use after free in HID
• CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
• CVE-2026-8517: Object lifecycle issue in WebShare
• CVE-2026-8518: Use after free in Blink
• CVE-2026-8519: Integer overflow in ANGLE
• CVE-2026-8520: Race in Payments
• CVE-2026-8521: Use after free in Tab Groups
• CVE-2026-8522: Use after free in Downloads
• CVE-2026-8523: Use after free in Mojo
• CVE-2026-8558: Out of bounds write in Fonts
• CVE-2026-8524: Out of bounds write in WebAudio
• CVE-2026-8525: Heap buffer overflow in ANGLE
• CVE-2026-8526: Out of bounds write in WebRTC
• CVE-2026-8527: Insufficient validation of untrusted input in Downloads
• CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
• CVE-2026-8529: Heap buffer overflow in Codecs
• CVE-2026-8530: Use after free in Network
• CVE-2026-8531: Heap buffer overflow in WebML
• CVE-2026-8532: Integer overflow in XML
• CVE-2026-8533: Use after free in Accessibility
• CVE-2026-8534: Integer overflow in GPU
• CVE-2026-8535: Out of bounds read in Media
• CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
• CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
• CVE-2026-8538: Insufficient validation of untrusted input in GPU
• CVE-2026-8539: Script injection in SanitizerAPI
• CVE-2026-8540: Type Confusion in V8
• CVE-2026-8541: Out of bounds read in UI
• CVE-2026-8542: Use after free in Core
• CVE-2026-8543: Out of bounds read in FileSystem
• CVE-2026-8544: Use after free in Media
• CVE-2026-8545: Object corruption in Compositing
• CVE-2026-8546: Out of bounds read in GPU
• CVE-2026-8547: Insufficient policy enforcement in Passwords
• CVE-2026-8548: Out of bounds write in Media
• CVE-2026-8549: Use after free in Media
• CVE-2026-8550: Use after free in Google Lens
• CVE-2026-8551: Use after free in Downloads
• CVE-2026-8552: Heap buffer overflow in GPU
• CVE-2026-8553: Use after free in GPU
• CVE-2026-8554: Type Confusion in ANGLE
• CVE-2026-8555: Use after free in GTK
• CVE-2026-8556: Inappropriate implementation in ANGLE
• CVE-2026-8557: Use after free in Accessibility
• CVE-2026-8559: Integer overflow in Internationalization
• CVE-2026-8560: Heap buffer overflow in SwiftShader
• CVE-2026-8561: Incorrect security UI in Fullscreen
• CVE-2026-8562: Side-channel information leakage in Navigation
• CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
• CVE-2026-8564: Incorrect security UI in Downloads
• CVE-2026-8565: Inappropriate implementation in Downloads
• CVE-2026-8566: Insufficient policy enforcement in Payments
• CVE-2026-8567: Integer overflow in ANGLE
• CVE-2026-8568: Insufficient policy enforcement in AI
• CVE-2026-8569: Out of bounds write in Codecs
• CVE-2026-8570: Type Confusion in V8
• CVE-2026-8571: Insufficient policy enforcement in GPU
• CVE-2026-8572: Insufficient policy enforcement in Network
• CVE-2026-8573: Integer overflow in Codecs
• CVE-2026-8574: Use after free in Core
• CVE-2026-8575: Use after free in UI
• CVE-2026-8576: Inappropriate implementation in CORS
• CVE-2026-8577: Integer overflow in Fonts
• CVE-2026-8578: Out of bounds read in GPU
• CVE-2026-8579: Insufficient validation of untrusted input in Skia
• CVE-2026-8580: Use after free in Mojo
• CVE-2026-8581: Use after free in GPU
• CVE-2026-8582: Object lifecycle issue in Dawn
• CVE-2026-8583: Insufficient policy enforcement in WebXR
• CVE-2026-8584: Inappropriate implementation in Views
• CVE-2026-8585: Inappropriate implementation in Media
• CVE-2026-8586: Inappropriate implementation in Chromoting
• CVE-2026-8587: Use after free in Extensions

FEDORA-EPEL-2026-d1c74ffb1b Packages in this update:

• chromium-148.0.7778.178-1.el9

Update description:

Update to 148.0.7778.178

• CVE-2026-9111: Use after free in WebRTC
• CVE-2026-9110: Inappropriate implementation in UI
• CVE-2026-9112: Use after free in GPU
• CVE-2026-9113: Out of bounds read in GPU
• CVE-2026-9114: Use after free in QUIC
• CVE-2026-9115: Insufficient policy enforcement in Service Worker
• CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
• CVE-2026-9117: Type Confusion in GFX
• CVE-2026-9118: Use after free in XR
• CVE-2026-9119: Heap buffer overflow in WebRTC
• CVE-2026-9120: Use after free in WebRTC
• CVE-2026-9126: Use after free in DOM
• CVE-2026-9121: Out of bounds read in GPU
• CVE-2026-9122: Out of bounds read in GPU
• CVE-2026-9123: Heap buffer overflow in Chromecast
• CVE-2026-9124: Insufficient validation of untrusted input in Input

FEDORA-EPEL-2026-9a7f44de0a Packages in this update:

• chromium-148.0.7778.178-1.el10_2

Update description:

Update to 148.0.7778.178

• CVE-2026-9111: Use after free in WebRTC
• CVE-2026-9110: Inappropriate implementation in UI
• CVE-2026-9112: Use after free in GPU
• CVE-2026-9113: Out of bounds read in GPU
• CVE-2026-9114: Use after free in QUIC
• CVE-2026-9115: Insufficient policy enforcement in Service Worker
• CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
• CVE-2026-9117: Type Confusion in GFX
• CVE-2026-9118: Use after free in XR
• CVE-2026-9119: Heap buffer overflow in WebRTC
• CVE-2026-9120: Use after free in WebRTC
• CVE-2026-9126: Use after free in DOM
• CVE-2026-9121: Out of bounds read in GPU
• CVE-2026-9122: Out of bounds read in GPU
• CVE-2026-9123: Heap buffer overflow in Chromecast
• CVE-2026-9124: Insufficient validation of untrusted input in Input

FEDORA-2026-c758d44a9a Packages in this update:

• chromium-148.0.7778.178-1.fc44

Update description:

Update to 148.0.7778.178

• CVE-2026-9111: Use after free in WebRTC
• CVE-2026-9110: Inappropriate implementation in UI
• CVE-2026-9112: Use after free in GPU
• CVE-2026-9113: Out of bounds read in GPU
• CVE-2026-9114: Use after free in QUIC
• CVE-2026-9115: Insufficient policy enforcement in Service Worker
• CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
• CVE-2026-9117: Type Confusion in GFX
• CVE-2026-9118: Use after free in XR
• CVE-2026-9119: Heap buffer overflow in WebRTC
• CVE-2026-9120: Use after free in WebRTC
• CVE-2026-9126: Use after free in DOM
• CVE-2026-9121: Out of bounds read in GPU
• CVE-2026-9122: Out of bounds read in GPU
• CVE-2026-9123: Heap buffer overflow in Chromecast
• CVE-2026-9124: Insufficient validation of untrusted input in Input

FEDORA-2026-956f05a733 Packages in this update:

• djvulibre-3.5.30-1.fc44

Update description:

Update to 3.5.30.

FEDORA-2026-01aa80d160 Packages in this update:

• djvulibre-3.5.30-1.fc42

Update description:

Update to 3.5.30.

FEDORA-2026-bfa185dbb3 Packages in this update:

• djvulibre-3.5.30-1.fc43

Update description:

Update to 3.5.30.

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. (CVE-2026-6472) It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-6473) It was discovered that PostgreSQL incorrectly handled format strings in the timeofday() function. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6474) It was discovered that PostgreSQL incorrectly followed symbolic links in pg_basebackup and pg_rewind. An attacker could possibly use this issue to overwrite local files and execute arbitrary code. (CVE-2026-6475) It was discovered that PostgreSQL had an SQL injection vulnerability in pg_createsubscriber. An attacker could possibly use this issue to execute arbitrary SQL as a superuser. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-6476) It was discovered that PostgreSQL used an unsafe libpq function in large object operations. An attacker could possibly use this issue to overwrite client memory and execute arbitrary code. (CVE-2026-6477) It was discovered that PostgreSQL did not compare MD5-hashed passwords in constant time. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6478) It was discovered that PostgreSQL had uncontrolled recursion during SSL and GSS negotiation. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-6479) It was discovered that PostgreSQL incorrectly handled array length mismatches in pg_restore_attribute_stats(). An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-6575) It was discovered that PostgreSQL had a stack buffer overflow in the refint module. An attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6637) It was discovered that PostgreSQL had an SQL injection vulnerability in logical replication REFRESH PUBLICATION. An attacker could possibly use this issue to execute arbitrary SQL. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-6638)

FEDORA-2026-b9f338a467 Packages in this update:

• kernel-6.19.14-108.fc42

Update description:

The 6.19.14-108 stable kernel update contains a couple if important security fixes.

FEDORA-2026-9a3a98bc24 Packages in this update:

• xrdp-0.10.6-2.fc44

Update description:

Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc.

FEDORA-2026-6af8517b94 Packages in this update:

• xrdp-0.10.6-2.fc42

Update description:

Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc.

FEDORA-EPEL-2026-8d69cba26b Packages in this update:

• xrdp-0.10.6-2.el9

Update description:

Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc.

FEDORA-2026-8aeca78af9 Packages in this update:

• xrdp-0.10.6-2.fc43

Update description:

Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc.

FEDORA-EPEL-2026-cf191f562d Packages in this update:

• xrdp-0.10.6-2.el8

Update description:

Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc.