Aggregator

It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8597) It was discovered that lwIP incorrectly handled certain ICMPv6 or 6LoWPAN packets. An attacker could possibly use this issue to trigger a buffer overflow, resulting in information disclosure. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22283, CVE-2020-22284) It was discovered that lwIP did not properly validate certain SNMPv3 authentication parameters. An attacker could possibly use this issue to trigger a stack-based buffer overflow, resulting in arbitrary code execution or a denial of service. (CVE-2026-8836)

It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges.

FEDORA-2026-2debc85b3c Packages in this update:

• chromium-149.0.7827.102-1.fc44

Update description:

Update to 149.0.7827.102

• CVE-2026-11628: Use after free in Ozone
• CVE-2026-11629: Use after free in Ozone
• CVE-2026-11630: Use after free in File Input
• CVE-2026-11631: Use after free in Aura
• CVE-2026-11632: Use after free in TabStrip
• CVE-2026-11633: Use after free in Bluetooth
• CVE-2026-11634: Use after free in Gamepad
• CVE-2026-11635: Use after free in Bluetooth
• CVE-2026-11636: Use after free in Autofill
• CVE-2026-11637: Use after free in Views
• CVE-2026-11638: Use after free in Printing
• CVE-2026-11639: Use after free in Compositing
• CVE-2026-11640: Integer overflow in libyuv
• CVE-2026-11641: Use after free in Bluetooth
• CVE-2026-11642: Use after free in Web Apps
• CVE-2026-11643: Use after free in Proxy
• CVE-2026-11644: Use after free in Views
• CVE-2026-11645: Out of bounds memory access in V8
• CVE-2026-11646: Use after free in ViewTransitions
• CVE-2026-11647: Use after free in Printing
• CVE-2026-11648: Use after free in FullScreen
• CVE-2026-11649: Use after free in V8
• CVE-2026-11650: Use after free in V8
• CVE-2026-11651: Use after free in Network
• CVE-2026-11652: Use after free in Extensions
• CVE-2026-11653: Insufficient validation of untrusted input in Extensions
• CVE-2026-11654: Use after free in CameraCapture
• CVE-2026-11655: Integer overflow in Media
• CVE-2026-11656: Use after free in ServiceWorker
• CVE-2026-11657: Use after free in Payments
• CVE-2026-11658: Insufficient validation of untrusted input in Extensions
• CVE-2026-11659: Insufficient validation of untrusted input in UI
• CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11661: Use after free in Views
• CVE-2026-11662: Type Confusion in Bindings
• CVE-2026-11663: Use after free in Skia
• CVE-2026-11664: Use after free in Payments
• CVE-2026-11665: Out of bounds read in Dawn
• CVE-2026-11666: Insufficient validation of untrusted input in Input
• CVE-2026-11667: Out of bounds read in WebRTC
• CVE-2026-11668: Uninitialized Use in Codecs
• CVE-2026-11669: Integer overflow in Media
• CVE-2026-11670: Use after free in PDF
• CVE-2026-11671: Use after free in Navigation
• CVE-2026-11672: Out of bounds write in GPU
• CVE-2026-11673: Use after free in InterestGroups
• CVE-2026-11674: Use after free in Guest View
• CVE-2026-11675: Insufficient validation of untrusted input in Skia
• CVE-2026-11676: Insufficient validation of untrusted input in Dawn
• CVE-2026-11677: Race in Network
• CVE-2026-11678: Integer overflow in libyuv
• CVE-2026-11679: Use after free in Codecs
• CVE-2026-11680: Use after free in Media
• CVE-2026-11681: Use after free in Ozone
• CVE-2026-11682: Insufficient validation of untrusted input in Views
• CVE-2026-11683: Use after free in WebCodecs
• CVE-2026-11684: Insufficient policy enforcement in Network
• CVE-2026-11685: Insufficient data validation in MediaCapture
• CVE-2026-11686: Insufficient validation of untrusted input in Dawn
• CVE-2026-11687: Use after free in Dawn
• CVE-2026-11688: Object lifecycle issue in SVG
• CVE-2026-11689: Insufficient validation of untrusted input in Passwords
• CVE-2026-11690: Out of bounds read and write in Media
• CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11692: Use after free in Read Anything
• CVE-2026-11693: Inappropriate implementation in Plugins
• CVE-2026-11694: Use after free in ServiceWorker
• CVE-2026-11695: Inappropriate implementation in Passwords
• CVE-2026-11696: Uninitialized Use in Video
• CVE-2026-11697: Insufficient validation of untrusted input in UI
• CVE-2026-11698: Use after free in Bluetooth
• CVE-2026-11699: Use after free in Bluetooth
• CVE-2026-11700: Use after free in Tracing
• CVE-2026-11701: Insufficient validation of untrusted input in Guest View

FEDORA-2026-c5c0986fb6 Packages in this update:

• chromium-149.0.7827.102-1.fc43

Update description:

Update to 149.0.7827.102

• CVE-2026-11628: Use after free in Ozone
• CVE-2026-11629: Use after free in Ozone
• CVE-2026-11630: Use after free in File Input
• CVE-2026-11631: Use after free in Aura
• CVE-2026-11632: Use after free in TabStrip
• CVE-2026-11633: Use after free in Bluetooth
• CVE-2026-11634: Use after free in Gamepad
• CVE-2026-11635: Use after free in Bluetooth
• CVE-2026-11636: Use after free in Autofill
• CVE-2026-11637: Use after free in Views
• CVE-2026-11638: Use after free in Printing
• CVE-2026-11639: Use after free in Compositing
• CVE-2026-11640: Integer overflow in libyuv
• CVE-2026-11641: Use after free in Bluetooth
• CVE-2026-11642: Use after free in Web Apps
• CVE-2026-11643: Use after free in Proxy
• CVE-2026-11644: Use after free in Views
• CVE-2026-11645: Out of bounds memory access in V8
• CVE-2026-11646: Use after free in ViewTransitions
• CVE-2026-11647: Use after free in Printing
• CVE-2026-11648: Use after free in FullScreen
• CVE-2026-11649: Use after free in V8
• CVE-2026-11650: Use after free in V8
• CVE-2026-11651: Use after free in Network
• CVE-2026-11652: Use after free in Extensions
• CVE-2026-11653: Insufficient validation of untrusted input in Extensions
• CVE-2026-11654: Use after free in CameraCapture
• CVE-2026-11655: Integer overflow in Media
• CVE-2026-11656: Use after free in ServiceWorker
• CVE-2026-11657: Use after free in Payments
• CVE-2026-11658: Insufficient validation of untrusted input in Extensions
• CVE-2026-11659: Insufficient validation of untrusted input in UI
• CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11661: Use after free in Views
• CVE-2026-11662: Type Confusion in Bindings
• CVE-2026-11663: Use after free in Skia
• CVE-2026-11664: Use after free in Payments
• CVE-2026-11665: Out of bounds read in Dawn
• CVE-2026-11666: Insufficient validation of untrusted input in Input
• CVE-2026-11667: Out of bounds read in WebRTC
• CVE-2026-11668: Uninitialized Use in Codecs
• CVE-2026-11669: Integer overflow in Media
• CVE-2026-11670: Use after free in PDF
• CVE-2026-11671: Use after free in Navigation
• CVE-2026-11672: Out of bounds write in GPU
• CVE-2026-11673: Use after free in InterestGroups
• CVE-2026-11674: Use after free in Guest View
• CVE-2026-11675: Insufficient validation of untrusted input in Skia
• CVE-2026-11676: Insufficient validation of untrusted input in Dawn
• CVE-2026-11677: Race in Network
• CVE-2026-11678: Integer overflow in libyuv
• CVE-2026-11679: Use after free in Codecs
• CVE-2026-11680: Use after free in Media
• CVE-2026-11681: Use after free in Ozone
• CVE-2026-11682: Insufficient validation of untrusted input in Views
• CVE-2026-11683: Use after free in WebCodecs
• CVE-2026-11684: Insufficient policy enforcement in Network
• CVE-2026-11685: Insufficient data validation in MediaCapture
• CVE-2026-11686: Insufficient validation of untrusted input in Dawn
• CVE-2026-11687: Use after free in Dawn
• CVE-2026-11688: Object lifecycle issue in SVG
• CVE-2026-11689: Insufficient validation of untrusted input in Passwords
• CVE-2026-11690: Out of bounds read and write in Media
• CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11692: Use after free in Read Anything
• CVE-2026-11693: Inappropriate implementation in Plugins
• CVE-2026-11694: Use after free in ServiceWorker
• CVE-2026-11695: Inappropriate implementation in Passwords
• CVE-2026-11696: Uninitialized Use in Video
• CVE-2026-11697: Insufficient validation of untrusted input in UI
• CVE-2026-11698: Use after free in Bluetooth
• CVE-2026-11699: Use after free in Bluetooth
• CVE-2026-11700: Use after free in Tracing
• CVE-2026-11701: Insufficient validation of untrusted input in Guest View

Update to 149.0.7827.53

• fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309)

FEDORA-2026-3cce371bdf Packages in this update:

• perl-Config-IniFiles-3.001000-1.fc43

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-EPEL-2026-0e5f31b975 Packages in this update:

• perl-Config-IniFiles-3.001000-1.el10_2

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-EPEL-2026-525901a90e Packages in this update:

• perl-Config-IniFiles-3.001000-1.el9

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-EPEL-2026-5617bbdfc0 Packages in this update:

• perl-Config-IniFiles-3.001000-1.el8

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-2026-1c2676703e Packages in this update:

• perl-Config-IniFiles-3.001000-1.fc44

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-EPEL-2026-bf53806e4a Packages in this update:

• perl-Config-IniFiles-3.001000-1.el10_3

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-2026-b33ba1aa06 Packages in this update:

• ldns-1.9.2-1.fc43

Update description:

Update to 1.9.2 for CVE-2026-10846

FEDORA-2026-1c6479b257 Packages in this update:

• ldns-1.9.2-1.fc44

Update description:

Update to 1.9.2 for CVE-2026-10846

Version:next-20260611 (linux-next) Released:2026-06-11

FEDORA-2026-f07b3548d4 Packages in this update:

• gh-2.94.0-1.fc44

Update description:

Update to 2.94.0

Update to 2.93.0

FEDORA-EPEL-2026-d82cb6262c Packages in this update:

• gh-2.94.0-1.el10_3

Update description:

Update to 2.94.0

Update to 2.93.0

FEDORA-EPEL-2026-46b506c7c2 Packages in this update:

• gh-2.94.0-1.el10_2

Update description:

Update to 2.94.0

Update to 2.93.0

FEDORA-EPEL-2026-d274f8045b Packages in this update:

• gh-2.94.0-1.el9

Update description:

Update to 2.94.0

Update to 2.93.0

Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints. An attacker could possibly execute arbitrary code on a Mistral worker and possibly extract sensitive data including service credentials from it.

Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate file paths when handling ISO images. A privileged authenticated remote user could use this issue to perform path traversal via a crafted ISO image and overwrite arbitrary files on the Ironic conductor. (CVE-2026-48681) Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate kernel command line parameters. A privileged authenticated remote user could use this issue to inject scripts during node boot and possibly execute arbitrary code. (CVE-2026-46447) Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic incorrectly restricted access to custom PXE templates. A privileged authenticated remote user could use this issue to read arbitrary sensitive files on the Ironic conductor. (CVE-2026-44917)

FEDORA-EPEL-2026-9590d638c8 Packages in this update:

• chromium-149.0.7827.102-1.el10_2

Update description:

Update to 149.0.7827.102

• CVE-2026-11628: Use after free in Ozone
• CVE-2026-11629: Use after free in Ozone
• CVE-2026-11630: Use after free in File Input
• CVE-2026-11631: Use after free in Aura
• CVE-2026-11632: Use after free in TabStrip
• CVE-2026-11633: Use after free in Bluetooth
• CVE-2026-11634: Use after free in Gamepad
• CVE-2026-11635: Use after free in Bluetooth
• CVE-2026-11636: Use after free in Autofill
• CVE-2026-11637: Use after free in Views
• CVE-2026-11638: Use after free in Printing
• CVE-2026-11639: Use after free in Compositing
• CVE-2026-11640: Integer overflow in libyuv
• CVE-2026-11641: Use after free in Bluetooth
• CVE-2026-11642: Use after free in Web Apps
• CVE-2026-11643: Use after free in Proxy
• CVE-2026-11644: Use after free in Views
• CVE-2026-11645: Out of bounds memory access in V8
• CVE-2026-11646: Use after free in ViewTransitions
• CVE-2026-11647: Use after free in Printing
• CVE-2026-11648: Use after free in FullScreen
• CVE-2026-11649: Use after free in V8
• CVE-2026-11650: Use after free in V8
• CVE-2026-11651: Use after free in Network
• CVE-2026-11652: Use after free in Extensions
• CVE-2026-11653: Insufficient validation of untrusted input in Extensions
• CVE-2026-11654: Use after free in CameraCapture
• CVE-2026-11655: Integer overflow in Media
• CVE-2026-11656: Use after free in ServiceWorker
• CVE-2026-11657: Use after free in Payments
• CVE-2026-11658: Insufficient validation of untrusted input in Extensions
• CVE-2026-11659: Insufficient validation of untrusted input in UI
• CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11661: Use after free in Views
• CVE-2026-11662: Type Confusion in Bindings
• CVE-2026-11663: Use after free in Skia
• CVE-2026-11664: Use after free in Payments
• CVE-2026-11665: Out of bounds read in Dawn
• CVE-2026-11666: Insufficient validation of untrusted input in Input
• CVE-2026-11667: Out of bounds read in WebRTC
• CVE-2026-11668: Uninitialized Use in Codecs
• CVE-2026-11669: Integer overflow in Media
• CVE-2026-11670: Use after free in PDF
• CVE-2026-11671: Use after free in Navigation
• CVE-2026-11672: Out of bounds write in GPU
• CVE-2026-11673: Use after free in InterestGroups
• CVE-2026-11674: Use after free in Guest View
• CVE-2026-11675: Insufficient validation of untrusted input in Skia
• CVE-2026-11676: Insufficient validation of untrusted input in Dawn
• CVE-2026-11677: Race in Network
• CVE-2026-11678: Integer overflow in libyuv
• CVE-2026-11679: Use after free in Codecs
• CVE-2026-11680: Use after free in Media
• CVE-2026-11681: Use after free in Ozone
• CVE-2026-11682: Insufficient validation of untrusted input in Views
• CVE-2026-11683: Use after free in WebCodecs
• CVE-2026-11684: Insufficient policy enforcement in Network
• CVE-2026-11685: Insufficient data validation in MediaCapture
• CVE-2026-11686: Insufficient validation of untrusted input in Dawn
• CVE-2026-11687: Use after free in Dawn
• CVE-2026-11688: Object lifecycle issue in SVG
• CVE-2026-11689: Insufficient validation of untrusted input in Passwords
• CVE-2026-11690: Out of bounds read and write in Media
• CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11692: Use after free in Read Anything
• CVE-2026-11693: Inappropriate implementation in Plugins
• CVE-2026-11694: Use after free in ServiceWorker
• CVE-2026-11695: Inappropriate implementation in Passwords
• CVE-2026-11696: Uninitialized Use in Video
• CVE-2026-11697: Insufficient validation of untrusted input in UI
• CVE-2026-11698: Use after free in Bluetooth
• CVE-2026-11699: Use after free in Bluetooth
• CVE-2026-11700: Use after free in Tracing
• CVE-2026-11701: Insufficient validation of untrusted input in Guest View