Aggregator

FEDORA-EPEL-2026-50fab59f98 Packages in this update:

• helm3-3.19.3-1.el10_2
• helm-4.0.4-1.el10_2

Update description:

Update helm to version 4 and introduce helm3 as compat package.

FEDORA-EPEL-2026-4e0cd92103 Packages in this update:

• helm3-3.19.3-1.el10_1
• helm-4.0.4-1.el10_1

Update description:

Update helm to version 4 and introduce helm3 as compat package.

FEDORA-EPEL-2026-8461f97b9d Packages in this update:

• helm3-3.19.3-1.el9
• helm-4.0.4-1.el9

Update description:

Update to helm to version 4 and introduce helm3 as a compat package.

It was discovered that Tornado incorrectly handled special characters in HTTP headers. An attacker could possibly use this issue to execute a cross- site scripting (XSS) attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-67724) It was discovered that Tornado incorrectly handled repeated HTTP headers. An attacker could possibly use this issue to cause Tornado to use excessive resources, causing a denial of service. (CVE-2025-67725) It was discovered that Tornado incorrectly handled parsing of certain HTTP header values. An attacker could possibly use this issue to cause Tornado to use excessive resources, causing a denial of service. (CVE-2025-67726)

FEDORA-2026-5551bc920f Packages in this update:

• chromium-143.0.7499.192-1.fc44

Update description:

Automatic update for chromium-143.0.7499.192-1.fc44.

Changelog * Wed Jan 7 2026 Than Ngo <than@redhat.com> - 143.0.7499.192-1 - Update tp 143.0.7499.192 * High CVE-2026-0628: Insufficient policy enforcement in WebView tag - Fix rhbz#2425338, Enable control flow integrity support for x86_64/aarch64 - Enable build for epel10.1

FEDORA-2026-a4a01fb680 Packages in this update:

• forgejo-13.0.4-1.fc43

Update description:

This is an upstream bug and security fix release. Please view the upstream release notes for more details.

USN-7946-1 fixed vulnerabilities in GnuPG 2.x. This update provides the corresponding updates for GnuPG 1.x. Original advisory details: It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, or execute arbitrary code.

FEDORA-2026-9d457091e8 Packages in this update:

• openssh-9.9p1-12.fc42

Update description:

Added fixes for CVE-2025-61985 and CVE-2025-61984

It was discovered that Sodium incorrectly handled the elliptic curve point validity check in certain atypical use cases. This could result in invalid points being used, contrary to expectations.

It was discovered that GPSd incorrectly handled processing NMEA2000 packets. An attacker could use this issue to cause GPSd to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-67268) It was discovered that GPSd incorrectly handled processing NAVCOM packets. An attacker could possibly use this issue to cause GPSd to consume resources, resulting in a denial of service. (CVE-2025-67269)

It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, or execute arbitrary code.

It was discovered that libvirt parsed user-provided XML files before performing ACL checks. An attacker could possibly use this issue to cause libvirt to consume memory, resulting in a denial of service. (CVE-2025-12748) It was discovered that libvirt incorrectly handled permissions on external inactive snapshots. A local attacker could possibly use this issue to obtain sensitive guest contents. (CVE-2025-13193)

Version:6.18.4 (stable) Released:2026-01-08 Source:linux-6.18.4.tar.xz PGP Signature:linux-6.18.4.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.4

Version:6.12.64 (longterm) Released:2026-01-08 Source:linux-6.12.64.tar.xz PGP Signature:linux-6.12.64.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.64

FEDORA-EPEL-2026-2f73131e02 Packages in this update:

• chromium-143.0.7499.192-1.el10_1

Update description:

Update to 143.0.7499.192

* High CVE-2026-0628: Insufficient policy enforcement in WebView tag * Enable control flow integrity support for x86_64/aarch64 * Enable build for epel10.1

FEDORA-2026-540f5a89d1 Packages in this update:

• chromium-143.0.7499.192-1.fc42

Update description:

Update to 143.0.7499.192

* High CVE-2026-0628: Insufficient policy enforcement in WebView tag * Enable control flow integrity support for x86_64/aarch64 * Enable build for epel10.1

FEDORA-EPEL-2026-7101d35773 Packages in this update:

• chromium-143.0.7499.192-1.el10_2

Update description:

Update to 143.0.7499.192

* High CVE-2026-0628: Insufficient policy enforcement in WebView tag * Enable control flow integrity support for x86_64/aarch64 * Enable build for epel10.1

FEDORA-EPEL-2026-1e6d3d4287 Packages in this update:

• chromium-143.0.7499.192-1.el9

Update description:

Update to 143.0.7499.192

* High CVE-2026-0628: Insufficient policy enforcement in WebView tag * Enable control flow integrity support for x86_64/aarch64 * Enable build for epel10.1

FEDORA-2026-66162d01ae Packages in this update:

• chromium-143.0.7499.192-1.fc43

Update description:

Update to 143.0.7499.192

* High CVE-2026-0628: Insufficient policy enforcement in WebView tag * Enable control flow integrity support for x86_64/aarch64 * Enable build for epel10.1