Aggregator

FEDORA-2026-cf9e55a7a0 Packages in this update:

• xorg-x11-server-21.1.22-1.fc44

Update description:

Update to xserver 21.1.22, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003

FEDORA-2026-e0c31e9e7e Packages in this update:

• cef-146.0.11^chromium146.0.7680.177-2.fc42

Update description:

Update to 146.0.7680.177 + cef-146.0.11+g8e1262b

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-2026-83fdfd7e0e Packages in this update:

• cef-146.0.11^chromium146.0.7680.177-2.fc44

Update description:

Update to 146.0.7680.177 + cef-146.0.11+g8e1262b

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

FEDORA-2026-ffdca48c25 Packages in this update:

• cef-146.0.11^chromium146.0.7680.177-2.fc43

Update description:

Update to 146.0.7680.177 + cef-146.0.11+g8e1262b

• High CVE-2026-5273: Use after free in CSS
• High CVE-2026-5272: Heap buffer overflow in GPU
• High CVE-2026-5274: Integer overflow in Codecs
• High CVE-2026-5275: Heap buffer overflow in ANGLE
• High CVE-2026-5276: Insufficient policy enforcement in WebUSB
• High CVE-2026-5277: Integer overflow in ANGLE
• High CVE-2026-5278: Use after free in Web MIDI
• High CVE-2026-5279: Object corruption in V8
• High CVE-2026-5280: Use after free in WebCodecs
• High CVE-2026-5281: Use after free in Dawn
• High CVE-2026-5282: Out of bounds read in WebCodecs
• High CVE-2026-5283: Inappropriate implementation in ANGLE
• High CVE-2026-5284: Use after free in Dawn
• High CVE-2026-5285: Use after free in WebGL
• High CVE-2026-5286: Use after free in Dawn
• High CVE-2026-5287: Use after free in PDF
• High CVE-2026-5288: Use after free in WebView
• High CVE-2026-5289: Use after free in Navigation
• High CVE-2026-5290: Use after free in Compositing
• Medium CVE-2026-5291: Inappropriate implementation in WebGL
• Medium CVE-2026-5292: Out of bounds read in WebCodecs

It was discovered that FRR did not correctly handle certain network requests. A remote attacker could possibly use this issue to gain unauthorized access to resources.

FEDORA-2026-631b9d535c Packages in this update:

• flatpak-builder-1.4.8-1.fc42

Update description:

This update includes a fix for CVE-2026-39977. See also: the upstream advisory

FEDORA-2026-25ff246b4f Packages in this update:

• flatpak-builder-1.4.8-1.fc43

Update description:

This update includes a fix for CVE-2026-39977. See also: the upstream advisory

FEDORA-2026-5e62b78a0c Packages in this update:

• flatpak-builder-1.4.8-1.fc44

Update description:

This update includes a fix for CVE-2026-39977. See also: the upstream advisory

FEDORA-2026-2af3865ebf Packages in this update:

• pypy-7.3.21-8.fc43

Update description:

JIT translation fix for bootstraping, require openssl 3 and fix CVE-2026-25645 and CVE-2025-8869

FEDORA-2026-fdc024ddc3 Packages in this update:

• pypy-7.3.21-8.fc44

Update description:

JIT translation fix for bootstraping, require openssl 3 and fix CVE-2026-25645 and CVE-2025-8869

FEDORA-2026-ae330775b9 Packages in this update:

• pypy-7.3.21-8.fc45

Update description:

JIT translation fix for bootstraping, require openssl 3 and fix CVE-2026-25645 and CVE-2025-8869

FEDORA-2026-adc66b374a Packages in this update:

• xdg-dbus-proxy-0.1.7-1.fc42

Update description:

Update the package, including fix for CVE-2026-34080. See also: upstream security advisory

FEDORA-2026-9518314403 Packages in this update:

• xdg-dbus-proxy-0.1.7-1.fc43

Update description:

Update the package, including fix for CVE-2026-34080. See also: upstream security advisory

FEDORA-2026-205fd328d2 Packages in this update:

• xdg-dbus-proxy-0.1.7-1.fc44

Update description:

Update the package, including fix for CVE-2026-34080. See also: upstream security advisory

FEDORA-2026-78adb25141 Packages in this update:

• libexif-0.6.26-1.fc43

Update description:

Update to 0.6.26, fixing several CVEs

https://github.com/libexif/libexif/releases/tag/v0.6.26

FEDORA-2026-fd361a6f7f Packages in this update:

• libexif-0.6.26-1.fc44

Update description:

Update to 0.6.26, fixing several CVEs

https://github.com/libexif/libexif/releases/tag/v0.6.26

FEDORA-2026-b01307dc4d Packages in this update:

• libexif-0.6.26-1.fc42

Update description:

Update to 0.6.26, fixing several CVEs

https://github.com/libexif/libexif/releases/tag/v0.6.26

USN-8138-1 fixed a vulnerability in tar-rs. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges.