Aggregator

dovecot-2.4.4-1.fc43

Fedora Security Advisories
1 week ago
FEDORA-2026-693373747f Packages in this update:
  • dovecot-2.4.4-1.fc43
Update description:
  • CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe.
  • CVE-2026-33603: auth: CRAM-SHA-*-PLUS channel binding could be faked. MITM attacker with a certificate trusted by the client could have bypassed the requirement for channel binding.
  • CVE-2026-40020: IMAP folders can be shared-spammed to everyone.
  • CVE-2026-42006: An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete.
  • indexer-worker, quota-status, script-login, program-client-local: Root privileges are now dropped permanently before serving requests.
  • indexer-worker: Default restart_request_count changed to 1 to work correctly after permanent root privilege drop.
  • lmtp: Add back service_extra_groups=$SET:default_internal_group that was incorrectly removed in v2.4.3.
  • master: inet_listener_reuse_port has been replaced by service_reuse_port. The new setting properly pre-creates all listener sockets at startup and assigns one unique socket per process. Using this allows evenly distributing incoming connections to login processes.

perl-Crypt-DSA-1.20-1.el10_3

Fedora Security Advisories
1 week ago
FEDORA-EPEL-2026-bb3b5814c6 Packages in this update:
  • perl-Crypt-DSA-1.20-1.el10_3
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

Upstream's use of the Crypt::SysRandom module is replaced by the equally-secure Crypt::URandom module, which is already a dependency of perl-Crypt-DSA: Crypt::SysRandom is not currently available in EPEL.

perl-Crypt-DSA-1.20-1.el10_2

Fedora Security Advisories
1 week ago
FEDORA-EPEL-2026-617040b22d Packages in this update:
  • perl-Crypt-DSA-1.20-1.el10_2
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

Upstream's use of the Crypt::SysRandom module is replaced by the equally-secure Crypt::URandom module, which is already a dependency of perl-Crypt-DSA: Crypt::SysRandom is not currently available in EPEL.

perl-Crypt-DSA-1.20-1.el10_1

Fedora Security Advisories
1 week ago
FEDORA-EPEL-2026-c7fdab55d8 Packages in this update:
  • perl-Crypt-DSA-1.20-1.el10_1
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

Upstream's use of the Crypt::SysRandom module is replaced by the equally-secure Crypt::URandom module, which is already a dependency of perl-Crypt-DSA: Crypt::SysRandom is not currently available in EPEL.

perl-Crypt-DSA-1.20-1.fc43

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-fdc100f74f Packages in this update:
  • perl-Crypt-DSA-1.20-1.fc43
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

perl-Crypt-DSA-1.20-1.fc42

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-ffe3625a50 Packages in this update:
  • perl-Crypt-DSA-1.20-1.fc42
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

perl-Crypt-DSA-1.20-1.fc44

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-cdcb20089b Packages in this update:
  • perl-Crypt-DSA-1.20-1.fc44
Update description:

This update fixes a couple of security issues:

  • Replace two arg open (CVE-2026-8704)
  • Replace rand() with a cryptographically-secure source of random data for seed generation (CVE-2026-8700)

helix-25.07.1-10.fc45 rust-asyncgit-0.28.1-1.fc45 rust-cargo-0.93.0-2.fc45 rust-cargo-deny-0.18.9-5.fc45 rust-dua-cli-2.32.2-5.fc45 rust-gengo-0.14.3-2.fc45 rust-git2-hooks-0.7.0-1.fc45 rust-gix-0.83.0-1.fc45 rust-gix-actor-0.41.0-1.fc45 rust-gix-archive…

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-a843eb2666 Packages in this update:
  • helix-25.07.1-10.fc45
  • rust-asyncgit-0.28.1-1.fc45
  • rust-cargo-0.93.0-2.fc45
  • rust-cargo-deny-0.18.9-5.fc45
  • rust-dua-cli-2.32.2-5.fc45
  • rust-gengo-0.14.3-2.fc45
  • rust-git2-hooks-0.7.0-1.fc45
  • rust-gix-0.83.0-1.fc45
  • rust-gix-actor-0.41.0-1.fc45
  • rust-gix-archive-0.32.0-1.fc45
  • rust-gix-attributes-0.33.0-1.fc45
  • rust-gix-bitmap-0.3.1-1.fc45
  • rust-gix-blame-0.13.0-1.fc45
  • rust-gix-chunk-0.7.1-1.fc45
  • rust-gix-command-0.9.0-1.fc45
  • rust-gix-commitgraph-0.37.0-1.fc45
  • rust-gix-config-0.56.0-1.fc45
  • rust-gix-config-value-0.18.0-1.fc45
  • rust-gix-credentials-0.38.0-1.fc45
  • rust-gix-date-0.15.3-1.fc45
  • rust-gix-diff-0.63.0-1.fc45
  • rust-gix-dir-0.25.0-1.fc45
  • rust-gix-discover-0.51.0-1.fc45
  • rust-gix-error-0.2.3-1.fc45
  • rust-gix-features-0.48.0-1.fc45
  • rust-gix-filter-0.30.0-1.fc45
  • rust-gix-fs-0.21.1-1.fc45
  • rust-gix-glob-0.26.0-1.fc45
  • rust-gix-hash-0.25.0-1.fc45
  • rust-gix-hashtable-0.15.0-1.fc45
  • rust-gix-ignore-0.21.0-1.fc45
  • rust-gix-imara-diff-0.2.1-1.fc45
  • rust-gix-index-0.51.0-1.fc45
  • rust-gix-lock-23.0.0-1.fc45
  • rust-gix-mailmap-0.33.0-1.fc45
  • rust-gix-merge-0.16.0-1.fc45
  • rust-gix-negotiate-0.31.0-1.fc45
  • rust-gix-object-0.60.0-1.fc45
  • rust-gix-odb-0.80.0-1.fc45
  • rust-gix-pack-0.70.0-1.fc45
  • rust-gix-packetline-0.21.3-1.fc45
  • rust-gix-path-0.12.0-1.fc45
  • rust-gix-pathspec-0.18.0-1.fc45
  • rust-gix-prompt-0.15.0-1.fc45
  • rust-gix-protocol-0.61.0-1.fc45
  • rust-gix-quote-0.7.1-1.fc45
  • rust-gix-ref-0.63.0-1.fc45
  • rust-gix-refspec-0.41.0-1.fc45
  • rust-gix-revision-0.45.0-1.fc45
  • rust-gix-revwalk-0.31.0-1.fc45
  • rust-gix-sec-0.14.0-1.fc45
  • rust-gix-shallow-0.12.0-1.fc45
  • rust-gix-status-0.30.0-1.fc45
  • rust-gix-submodule-0.30.0-1.fc45
  • rust-gix-tempfile-23.0.0-1.fc45
  • rust-gix-trace-0.1.19-1.fc45
  • rust-gix-transport-0.57.0-1.fc45
  • rust-gix-traverse-0.57.0-1.fc45
  • rust-gix-url-0.36.0-1.fc45
  • rust-gix-utils-0.3.2-1.fc45
  • rust-gix-validate-0.11.1-1.fc45
  • rust-gix-worktree-0.52.0-1.fc45
  • rust-gix-worktree-state-0.30.0-1.fc45
  • rust-gix-worktree-stream-0.32.0-1.fc45
  • rust-onefetch-2.27.1-5.fc45
  • rust-prodash-31.0.0-1.fc45
  • rust-rustsec-0.31.0-3.fc45
  • rust-tame-index-0.25.0-3.fc45
  • stgit-2.5.5-6.fc45
Update description:

Update gix to version 0.83

chromium-148.0.7778.167-1.el10_1

Fedora Security Advisories
1 week 2 days ago
FEDORA-EPEL-2026-266b62aea6 Packages in this update:
  • chromium-148.0.7778.167-1.el10_1
Update description:

Upstream security release - 148.0.7778.167

* CVE-2026-8509: Heap buffer overflow in WebML * CVE-2026-8510: Integer overflow in Skia * CVE-2026-8511: Use after free in UI * CVE-2026-8512: Use after free in FileSystem * CVE-2026-8513: Use after free in Input * CVE-2026-8514: Use after free in Aura * CVE-2026-8515: Use after free in HID * CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer * CVE-2026-8517: Object lifecycle issue in WebShare * CVE-2026-8518: Use after free in Blink * CVE-2026-8519: Integer overflow in ANGLE * CVE-2026-8520: Race in Payments * CVE-2026-8521: Use after free in Tab Groups * CVE-2026-8522: Use after free in Downloads * CVE-2026-8523: Use after free in Mojo * CVE-2026-8558: Out of bounds write in Fonts * CVE-2026-8524: Out of bounds write in WebAudio * CVE-2026-8525: Heap buffer overflow in ANGLE * CVE-2026-8526: Out of bounds write in WebRTC * CVE-2026-8527: Insufficient validation of untrusted input in Downloads * CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation * CVE-2026-8529: Heap buffer overflow in Codecs * CVE-2026-8530: Use after free in Network * CVE-2026-8531: Heap buffer overflow in WebML * CVE-2026-8532: Integer overflow in XML * CVE-2026-8533: Use after free in Accessibility * CVE-2026-8534: Integer overflow in GPU * CVE-2026-8535: Out of bounds read in Media * CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode * CVE-2026-8537: Insufficient policy enforcement in ViewTransitions * CVE-2026-8538: Insufficient validation of untrusted input in GPU * CVE-2026-8539: Script injection in SanitizerAPI * CVE-2026-8540: Type Confusion in V8 * CVE-2026-8541: Out of bounds read in UI * CVE-2026-8542: Use after free in Core * CVE-2026-8543: Out of bounds read in FileSystem * CVE-2026-8544: Use after free in Media * CVE-2026-8545: Object corruption in Compositing * CVE-2026-8546: Out of bounds read in GPU * CVE-2026-8547: Insufficient policy enforcement in Passwords * CVE-2026-8548: Out of bounds write in Media * CVE-2026-8549: Use after free in Media * CVE-2026-8550: Use after free in Google Lens * CVE-2026-8551: Use after free in Downloads * CVE-2026-8552: Heap buffer overflow in GPU * CVE-2026-8553: Use after free in GPU * CVE-2026-8554: Type Confusion in ANGLE * CVE-2026-8555: Use after free in GTK * CVE-2026-8556: Inappropriate implementation in ANGLE * CVE-2026-8557: Use after free in Accessibility * CVE-2026-8559: Integer overflow in Internationalization * CVE-2026-8560: Heap buffer overflow in SwiftShader * CVE-2026-8561: Incorrect security UI in Fullscreen * CVE-2026-8562: Side-channel information leakage in Navigation * CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox * CVE-2026-8564: Incorrect security UI in Downloads * CVE-2026-8565: Inappropriate implementation in Downloads * CVE-2026-8566: Insufficient policy enforcement in Payments * CVE-2026-8567: Integer overflow in ANGLE * CVE-2026-8568: Insufficient policy enforcement in AI * CVE-2026-8569: Out of bounds write in Codecs * CVE-2026-8570: Type Confusion in V8 * CVE-2026-8571: Insufficient policy enforcement in GPU * CVE-2026-8572: Insufficient policy enforcement in Network * CVE-2026-8573: Integer overflow in Codecs * CVE-2026-8574: Use after free in Core * CVE-2026-8575: Use after free in UI * CVE-2026-8576: Inappropriate implementation in CORS * CVE-2026-8577: Integer overflow in Fonts * CVE-2026-8578: Out of bounds read in GPU * CVE-2026-8579: Insufficient validation of untrusted input in Skia * CVE-2026-8580: Use after free in Mojo * CVE-2026-8581: Use after free in GPU * CVE-2026-8582: Object lifecycle issue in Dawn * CVE-2026-8583: Insufficient policy enforcement in WebXR * CVE-2026-8584: Inappropriate implementation in Views * CVE-2026-8585: Inappropriate implementation in Media * CVE-2026-8586: Inappropriate implementation in Chromoting * CVE-2026-8587: Use after free in Extensions

chromium-148.0.7778.167-1.el10_3

Fedora Security Advisories
1 week 2 days ago
FEDORA-EPEL-2026-f121d3be68 Packages in this update:
  • chromium-148.0.7778.167-1.el10_3
Update description:

Upstream security release - 148.0.7778.167

* CVE-2026-8509: Heap buffer overflow in WebML * CVE-2026-8510: Integer overflow in Skia * CVE-2026-8511: Use after free in UI * CVE-2026-8512: Use after free in FileSystem * CVE-2026-8513: Use after free in Input * CVE-2026-8514: Use after free in Aura * CVE-2026-8515: Use after free in HID * CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer * CVE-2026-8517: Object lifecycle issue in WebShare * CVE-2026-8518: Use after free in Blink * CVE-2026-8519: Integer overflow in ANGLE * CVE-2026-8520: Race in Payments * CVE-2026-8521: Use after free in Tab Groups * CVE-2026-8522: Use after free in Downloads * CVE-2026-8523: Use after free in Mojo * CVE-2026-8558: Out of bounds write in Fonts * CVE-2026-8524: Out of bounds write in WebAudio * CVE-2026-8525: Heap buffer overflow in ANGLE * CVE-2026-8526: Out of bounds write in WebRTC * CVE-2026-8527: Insufficient validation of untrusted input in Downloads * CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation * CVE-2026-8529: Heap buffer overflow in Codecs * CVE-2026-8530: Use after free in Network * CVE-2026-8531: Heap buffer overflow in WebML * CVE-2026-8532: Integer overflow in XML * CVE-2026-8533: Use after free in Accessibility * CVE-2026-8534: Integer overflow in GPU * CVE-2026-8535: Out of bounds read in Media * CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode * CVE-2026-8537: Insufficient policy enforcement in ViewTransitions * CVE-2026-8538: Insufficient validation of untrusted input in GPU * CVE-2026-8539: Script injection in SanitizerAPI * CVE-2026-8540: Type Confusion in V8 * CVE-2026-8541: Out of bounds read in UI * CVE-2026-8542: Use after free in Core * CVE-2026-8543: Out of bounds read in FileSystem * CVE-2026-8544: Use after free in Media * CVE-2026-8545: Object corruption in Compositing * CVE-2026-8546: Out of bounds read in GPU * CVE-2026-8547: Insufficient policy enforcement in Passwords * CVE-2026-8548: Out of bounds write in Media * CVE-2026-8549: Use after free in Media * CVE-2026-8550: Use after free in Google Lens * CVE-2026-8551: Use after free in Downloads * CVE-2026-8552: Heap buffer overflow in GPU * CVE-2026-8553: Use after free in GPU * CVE-2026-8554: Type Confusion in ANGLE * CVE-2026-8555: Use after free in GTK * CVE-2026-8556: Inappropriate implementation in ANGLE * CVE-2026-8557: Use after free in Accessibility * CVE-2026-8559: Integer overflow in Internationalization * CVE-2026-8560: Heap buffer overflow in SwiftShader * CVE-2026-8561: Incorrect security UI in Fullscreen * CVE-2026-8562: Side-channel information leakage in Navigation * CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox * CVE-2026-8564: Incorrect security UI in Downloads * CVE-2026-8565: Inappropriate implementation in Downloads * CVE-2026-8566: Insufficient policy enforcement in Payments * CVE-2026-8567: Integer overflow in ANGLE * CVE-2026-8568: Insufficient policy enforcement in AI * CVE-2026-8569: Out of bounds write in Codecs * CVE-2026-8570: Type Confusion in V8 * CVE-2026-8571: Insufficient policy enforcement in GPU * CVE-2026-8572: Insufficient policy enforcement in Network * CVE-2026-8573: Integer overflow in Codecs * CVE-2026-8574: Use after free in Core * CVE-2026-8575: Use after free in UI * CVE-2026-8576: Inappropriate implementation in CORS * CVE-2026-8577: Integer overflow in Fonts * CVE-2026-8578: Out of bounds read in GPU * CVE-2026-8579: Insufficient validation of untrusted input in Skia * CVE-2026-8580: Use after free in Mojo * CVE-2026-8581: Use after free in GPU * CVE-2026-8582: Object lifecycle issue in Dawn * CVE-2026-8583: Insufficient policy enforcement in WebXR * CVE-2026-8584: Inappropriate implementation in Views * CVE-2026-8585: Inappropriate implementation in Media * CVE-2026-8586: Inappropriate implementation in Chromoting * CVE-2026-8587: Use after free in Extensions