Aggregator

It was discovered that Git did not properly sanitize URLs when asking for credentials via a terminal prompt. An attacker could possibly use this issue to trick a user into disclosing their password. (CVE-2024-50349) It was discovered that Git did not properly handle carriage return characters in its credential protocol. An attacker could use this issue to send unexpected data to credential helpers, possibly leading to a user being tricked into disclosing sensitive information. (CVE-2024-52006)

It was discovered that SimGear could be made to bypass the sandboxing of Nasal scripts. An attacker could possibly use this issue to execute arbitrary code.

FEDORA-2026-975a15098b Packages in this update:

• python3.9-3.9.25-3.fc43

Update description:

Security fix for CVE-2025-12084

FEDORA-2026-43e2b1e209 Packages in this update:

• python3.9-3.9.25-3.fc42

Update description:

Security fix for CVE-2025-12084

FEDORA-2026-65945d88e4 Packages in this update:

• chromium-144.0.7559.59-1.fc43

Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE

FEDORA-EPEL-2026-e68610338c Packages in this update:

• chromium-144.0.7559.59-1.el10_1

Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE

FEDORA-EPEL-2026-0ff4a46f49 Packages in this update:

• chromium-144.0.7559.59-1.el9

Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE

FEDORA-2026-3736e2ff1a Packages in this update:

• chromium-144.0.7559.59-1.fc42

Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE

FEDORA-EPEL-2026-ba3b30fe06 Packages in this update:

• chromium-144.0.7559.59-1.el10_2

Update description:

Update to 144.0.7559.59

* CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE

FEDORA-2026-c7954c45b7 Packages in this update:

• perl-HarfBuzz-Shaper-0.032-2.fc43

Update description:

Upgrade to upstream 0.032 to fix CVE-2026-22693.

FEDORA-2026-55dfa04750 Packages in this update:

• perl-HarfBuzz-Shaper-0.032-1.fc42

Update description:

Upgrade to upstream 0.032.

USN-7916-1 fixed a vulnerability in python-apt. The update had a PEP 440 incompatible version. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker could use this issue to cause python-apt to crash, resulting in a denial of service.

Version:next-20260115 (linux-next) Released:2026-01-15

It was discovered that the libpng simplified API incorrectly processed palette PNG images with partial transparency and gamma correction. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-66293) Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit output format and non-minimal row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22695) Cosmin Truta discovered that the libpng simplified API incorrectly handled invalid row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22801)

It was discovered that cpp-httplib did not correctly handle HTTP headers. A remote attacker could possibly use this issue to bypass authorization and impersonate users.

FEDORA-2026-f6fadfed32 Packages in this update:

• vsftpd-3.0.5-14.fc42

Update description:

Resolve CVE-2025-14242

FEDORA-2026-67442bdd84 Packages in this update:

• vsftpd-3.0.5-14.fc43

Update description:

Resolve CVE-2025-14242

It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this issue to bypass SSL key usage restrictions.

FEDORA-2026-bac983cf83 Packages in this update:

• harfbuzz-10.4.0-2.fc42

Update description:

Backport security fix for CVE-2026-22693 (fix RHBZ#2429278)