Aggregator

libpng12-1.2.57-25.fc45

17 minutes 27 seconds ago
FEDORA-2026-e1669a5881
Packages in this update:
  • libpng12-1.2.57-25.fc45
Update description:

Automatic update for libpng12-1.2.57-25.fc45.

Changelog:

* Wed Apr 1 2026 Michal Hlavinka <mhlavink@redhat.com> - 1.2.57-25
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438670)

libpng15-1.5.30-25.fc45

17 minutes 30 seconds ago
FEDORA-2026-dfa60d30bc
Packages in this update:
  • libpng15-1.5.30-25.fc45
Update description:

Automatic update for libpng15-1.5.30-25.fc45.

Changelog:

* Wed Apr 1 2026 Michal Hlavinka <mhlavink@redhat.com> - 1.5.30-25
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438683)

libcgif-0.5.3-1.fc44

3 hours 3 minutes ago
FEDORA-2026-7fd284c688
Packages in this update:
  • libcgif-0.5.3-1.fc44
Update description:

Version 0.5.3

  • Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow (CVE-2026-4985)

libcgif-0.5.3-1.fc43

3 hours 4 minutes ago
FEDORA-2026-1a9f019f60
Packages in this update:
  • libcgif-0.5.3-1.fc43
Update description:

Version 0.5.3

  • Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow (CVE-2026-4985)

libcgif-0.5.3-1.fc42

3 hours 4 minutes ago
FEDORA-2026-7716e480cb
Packages in this update:
  • libcgif-0.5.3-1.fc42
Update description:

Version 0.5.3

  • Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow (CVE-2026-4985)

libcap-2.77-3.fc44

3 hours 4 minutes ago
FEDORA-2026-8de97987a6
Packages in this update:
  • libcap-2.77-3.fc44
Update description:

Version 0.5.3

  • Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow

USN-8089-2: Go Networking vulnerabilities

15 hours 34 minutes ago
USN-8089-1 fixed vulnerabilities in Go Networking. This update provides the corresponding update to code vendored in golang-golang-x-net-dev.

Original advisory details:

Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could hang during shutdown if preempted by a fatal error. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-27664)

Arpad Ryszka and Jakob Ackermann discovered that a maliciously crafted stream could cause excessive CPU usage in Go Networking's HPACK decoder. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-41723)

Mohammad Thoriq Aziz discovered that Go Networking did not properly sanitize some text nodes. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-3978)

Sean Ng discovered an error in Go Networking's HTML tag handling. An attacker could possibly use this to cause a denial of service. (CVE-2025-22872)

Guido Vranken and Jakub Ciolek discovered that a maliciously crafted HTML document could exhaust system resources on servers using Go Networking. An attacker could possibly use this to cause a denial of service. (CVE-2025-47911)

Guido Vranken discovered that a maliciously crafted HTML document could put servers using Go Networking into an infinite loop. An attacker could possibly use this to cause a denial of service. (CVE-2025-58190)

cef-146.0.9^chromium146.0.7680.164-1.fc42

18 hours 52 minutes ago
FEDORA-2026-6188cc51be
Packages in this update:
  • cef-146.0.9^chromium146.0.7680.164-1.fc42
Update description:

Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164

  • High CVE-2026-4673: Heap buffer overflow in WebAudio
  • High CVE-2026-4674: Out of bounds read in CSS
  • High CVE-2026-4675: Heap buffer overflow in WebGL
  • High CVE-2026-4676: Use after free in Dawn
  • High CVE-2026-4677: Out of bounds read in WebAudio
  • High CVE-2026-4678: Use after free in WebGPU
  • High CVE-2026-4679: Integer overflow in Fonts
  • High CVE-2026-4680: Use after free in FedCM
  • CVE-2026-4439: Out of bounds memory access in WebGL
  • CVE-2026-4440: Out of bounds read and write in WebGL
  • CVE-2026-4441: Use after free in Base
  • CVE-2026-4442: Heap buffer overflow in CSS
  • CVE-2026-4443: Heap buffer overflow in WebAudio
  • CVE-2026-4444: Stack buffer overflow in WebRTC
  • CVE-2026-4445: Use after free in WebRTC
  • CVE-2026-4446: Use after free in WebRTC
  • CVE-2026-4447: Inappropriate implementation in V8
  • CVE-2026-4448: Heap buffer overflow in ANGLE
  • CVE-2026-4449: Use after free in Blink
  • CVE-2026-4450: Out of bounds write in V8
  • CVE-2026-4451: Insufficient validation of untrusted input in Navigation
  • CVE-2026-4452: Integer overflow in ANGLE
  • CVE-2026-4453: Integer overflow in Dawn
  • CVE-2026-4454: Use after free in Network
  • CVE-2026-4455: Heap buffer overflow in PDFium
  • CVE-2026-4456: Use after free in Digital Credentials API
  • CVE-2026-4457: Type Confusion in V8
  • CVE-2026-4458: Use after free in Extensions
  • CVE-2026-4459: Out of bounds read and write in WebAudio
  • CVE-2026-4460: Out of bounds read in Skia
  • CVE-2026-4461: Inappropriate implementation in V8
  • CVE-2026-4462: Out of bounds read in Blink
  • CVE-2026-4463: Heap buffer overflow in WebRTC
  • CVE-2026-4464: Integer overflow in ANGLE
  • CVE-2026-3909: Out of bounds write in Skia
  • CVE-2026-3910: Inappropriate implementation in V8
  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

python-pydicom-3.0.2-1.fc42

19 hours 19 minutes ago
FEDORA-2026-f89e555af4
Packages in this update:
  • python-pydicom-3.0.2-1.fc42
Update description:

Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root.