Aggregator

USN-7964-1: Git vulnerabilities

Ubuntu Security Advisories
2 weeks 5 days ago
It was discovered that Git did not properly sanitize URLs when asking for credentials via a terminal prompt. An attacker could possibly use this issue to trick a user into disclosing their password. (CVE-2024-50349) It was discovered that Git did not properly handle carriage return characters in its credential protocol. An attacker could use this issue to send unexpected data to credential helpers, possibly leading to a user being tricked into disclosing sensitive information. (CVE-2024-52006)

chromium-144.0.7559.59-1.fc43

Fedora Security Advisories
2 weeks 5 days ago
FEDORA-2026-65945d88e4 Packages in this update:
  • chromium-144.0.7559.59-1.fc43
Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE

chromium-144.0.7559.59-1.el10_1

Fedora Security Advisories
2 weeks 5 days ago
FEDORA-EPEL-2026-e68610338c Packages in this update:
  • chromium-144.0.7559.59-1.el10_1
Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE

chromium-144.0.7559.59-1.el9

Fedora Security Advisories
2 weeks 5 days ago
FEDORA-EPEL-2026-0ff4a46f49 Packages in this update:
  • chromium-144.0.7559.59-1.el9
Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE

chromium-144.0.7559.59-1.fc42

Fedora Security Advisories
2 weeks 5 days ago
FEDORA-2026-3736e2ff1a Packages in this update:
  • chromium-144.0.7559.59-1.fc42
Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE

chromium-144.0.7559.59-1.el10_2

Fedora Security Advisories
2 weeks 5 days ago
FEDORA-EPEL-2026-ba3b30fe06 Packages in this update:
  • chromium-144.0.7559.59-1.el10_2
Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE

USN-7916-2: python-apt regression

Ubuntu Security Advisories
2 weeks 5 days ago
USN-7916-1 fixed a vulnerability in python-apt. The update had a PEP 440 incompatible version. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker could use this issue to cause python-apt to crash, resulting in a denial of service.

USN-7963-1: libpng vulnerabilities

Ubuntu Security Advisories
2 weeks 6 days ago
It was discovered that the libpng simplified API incorrectly processed palette PNG images with partial transparency and gamma correction. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-66293) Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit output format and non-minimal row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22695) Cosmin Truta discovered that the libpng simplified API incorrectly handled invalid row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22801)