Aggregator

FEDORA-EPEL-2026-c0bb6674c7 Packages in this update:

• atril-1.26.4-1.el8

Update description: atril 1.26.4

• epub: use g_strndup for parsing document path
• epub: validate epub content before parsing

atril 1.26.3

• epub: Avoid crash when index list has extraneous entry
• fix a incompatible pointer type warning for gcc14
• Fix build with libxml2 2.12
• fix memleak
• pdf: Always use poppler_document_save to avoid data loss
• ev-application: Quote user-supplied strings in ev_spawn command line

FEDORA-EPEL-2026-abc540be8b Packages in this update:

• atril-1.26.4-1.el9

Update description: atril 1.26.4

• epub: use g_strndup for parsing document path
• epub: validate epub content before parsing

atril 1.26.3

• epub: Avoid crash when index list has extraneous entry
• fix a incompatible pointer type warning for gcc14
• Fix build with libxml2 2.12
• fix memleak
• pdf: Always use poppler_document_save to avoid data loss
• ev-application: Quote user-supplied strings in ev_spawn command line

It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges.

FEDORA-2026-2debc85b3c Packages in this update:

• chromium-149.0.7827.102-1.fc44

Update description:

Update to 149.0.7827.102

• CVE-2026-11628: Use after free in Ozone
• CVE-2026-11629: Use after free in Ozone
• CVE-2026-11630: Use after free in File Input
• CVE-2026-11631: Use after free in Aura
• CVE-2026-11632: Use after free in TabStrip
• CVE-2026-11633: Use after free in Bluetooth
• CVE-2026-11634: Use after free in Gamepad
• CVE-2026-11635: Use after free in Bluetooth
• CVE-2026-11636: Use after free in Autofill
• CVE-2026-11637: Use after free in Views
• CVE-2026-11638: Use after free in Printing
• CVE-2026-11639: Use after free in Compositing
• CVE-2026-11640: Integer overflow in libyuv
• CVE-2026-11641: Use after free in Bluetooth
• CVE-2026-11642: Use after free in Web Apps
• CVE-2026-11643: Use after free in Proxy
• CVE-2026-11644: Use after free in Views
• CVE-2026-11645: Out of bounds memory access in V8
• CVE-2026-11646: Use after free in ViewTransitions
• CVE-2026-11647: Use after free in Printing
• CVE-2026-11648: Use after free in FullScreen
• CVE-2026-11649: Use after free in V8
• CVE-2026-11650: Use after free in V8
• CVE-2026-11651: Use after free in Network
• CVE-2026-11652: Use after free in Extensions
• CVE-2026-11653: Insufficient validation of untrusted input in Extensions
• CVE-2026-11654: Use after free in CameraCapture
• CVE-2026-11655: Integer overflow in Media
• CVE-2026-11656: Use after free in ServiceWorker
• CVE-2026-11657: Use after free in Payments
• CVE-2026-11658: Insufficient validation of untrusted input in Extensions
• CVE-2026-11659: Insufficient validation of untrusted input in UI
• CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11661: Use after free in Views
• CVE-2026-11662: Type Confusion in Bindings
• CVE-2026-11663: Use after free in Skia
• CVE-2026-11664: Use after free in Payments
• CVE-2026-11665: Out of bounds read in Dawn
• CVE-2026-11666: Insufficient validation of untrusted input in Input
• CVE-2026-11667: Out of bounds read in WebRTC
• CVE-2026-11668: Uninitialized Use in Codecs
• CVE-2026-11669: Integer overflow in Media
• CVE-2026-11670: Use after free in PDF
• CVE-2026-11671: Use after free in Navigation
• CVE-2026-11672: Out of bounds write in GPU
• CVE-2026-11673: Use after free in InterestGroups
• CVE-2026-11674: Use after free in Guest View
• CVE-2026-11675: Insufficient validation of untrusted input in Skia
• CVE-2026-11676: Insufficient validation of untrusted input in Dawn
• CVE-2026-11677: Race in Network
• CVE-2026-11678: Integer overflow in libyuv
• CVE-2026-11679: Use after free in Codecs
• CVE-2026-11680: Use after free in Media
• CVE-2026-11681: Use after free in Ozone
• CVE-2026-11682: Insufficient validation of untrusted input in Views
• CVE-2026-11683: Use after free in WebCodecs
• CVE-2026-11684: Insufficient policy enforcement in Network
• CVE-2026-11685: Insufficient data validation in MediaCapture
• CVE-2026-11686: Insufficient validation of untrusted input in Dawn
• CVE-2026-11687: Use after free in Dawn
• CVE-2026-11688: Object lifecycle issue in SVG
• CVE-2026-11689: Insufficient validation of untrusted input in Passwords
• CVE-2026-11690: Out of bounds read and write in Media
• CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11692: Use after free in Read Anything
• CVE-2026-11693: Inappropriate implementation in Plugins
• CVE-2026-11694: Use after free in ServiceWorker
• CVE-2026-11695: Inappropriate implementation in Passwords
• CVE-2026-11696: Uninitialized Use in Video
• CVE-2026-11697: Insufficient validation of untrusted input in UI
• CVE-2026-11698: Use after free in Bluetooth
• CVE-2026-11699: Use after free in Bluetooth
• CVE-2026-11700: Use after free in Tracing
• CVE-2026-11701: Insufficient validation of untrusted input in Guest View

FEDORA-2026-c5c0986fb6 Packages in this update:

• chromium-149.0.7827.102-1.fc43

Update description:

Update to 149.0.7827.102

• CVE-2026-11628: Use after free in Ozone
• CVE-2026-11629: Use after free in Ozone
• CVE-2026-11630: Use after free in File Input
• CVE-2026-11631: Use after free in Aura
• CVE-2026-11632: Use after free in TabStrip
• CVE-2026-11633: Use after free in Bluetooth
• CVE-2026-11634: Use after free in Gamepad
• CVE-2026-11635: Use after free in Bluetooth
• CVE-2026-11636: Use after free in Autofill
• CVE-2026-11637: Use after free in Views
• CVE-2026-11638: Use after free in Printing
• CVE-2026-11639: Use after free in Compositing
• CVE-2026-11640: Integer overflow in libyuv
• CVE-2026-11641: Use after free in Bluetooth
• CVE-2026-11642: Use after free in Web Apps
• CVE-2026-11643: Use after free in Proxy
• CVE-2026-11644: Use after free in Views
• CVE-2026-11645: Out of bounds memory access in V8
• CVE-2026-11646: Use after free in ViewTransitions
• CVE-2026-11647: Use after free in Printing
• CVE-2026-11648: Use after free in FullScreen
• CVE-2026-11649: Use after free in V8
• CVE-2026-11650: Use after free in V8
• CVE-2026-11651: Use after free in Network
• CVE-2026-11652: Use after free in Extensions
• CVE-2026-11653: Insufficient validation of untrusted input in Extensions
• CVE-2026-11654: Use after free in CameraCapture
• CVE-2026-11655: Integer overflow in Media
• CVE-2026-11656: Use after free in ServiceWorker
• CVE-2026-11657: Use after free in Payments
• CVE-2026-11658: Insufficient validation of untrusted input in Extensions
• CVE-2026-11659: Insufficient validation of untrusted input in UI
• CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11661: Use after free in Views
• CVE-2026-11662: Type Confusion in Bindings
• CVE-2026-11663: Use after free in Skia
• CVE-2026-11664: Use after free in Payments
• CVE-2026-11665: Out of bounds read in Dawn
• CVE-2026-11666: Insufficient validation of untrusted input in Input
• CVE-2026-11667: Out of bounds read in WebRTC
• CVE-2026-11668: Uninitialized Use in Codecs
• CVE-2026-11669: Integer overflow in Media
• CVE-2026-11670: Use after free in PDF
• CVE-2026-11671: Use after free in Navigation
• CVE-2026-11672: Out of bounds write in GPU
• CVE-2026-11673: Use after free in InterestGroups
• CVE-2026-11674: Use after free in Guest View
• CVE-2026-11675: Insufficient validation of untrusted input in Skia
• CVE-2026-11676: Insufficient validation of untrusted input in Dawn
• CVE-2026-11677: Race in Network
• CVE-2026-11678: Integer overflow in libyuv
• CVE-2026-11679: Use after free in Codecs
• CVE-2026-11680: Use after free in Media
• CVE-2026-11681: Use after free in Ozone
• CVE-2026-11682: Insufficient validation of untrusted input in Views
• CVE-2026-11683: Use after free in WebCodecs
• CVE-2026-11684: Insufficient policy enforcement in Network
• CVE-2026-11685: Insufficient data validation in MediaCapture
• CVE-2026-11686: Insufficient validation of untrusted input in Dawn
• CVE-2026-11687: Use after free in Dawn
• CVE-2026-11688: Object lifecycle issue in SVG
• CVE-2026-11689: Insufficient validation of untrusted input in Passwords
• CVE-2026-11690: Out of bounds read and write in Media
• CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11692: Use after free in Read Anything
• CVE-2026-11693: Inappropriate implementation in Plugins
• CVE-2026-11694: Use after free in ServiceWorker
• CVE-2026-11695: Inappropriate implementation in Passwords
• CVE-2026-11696: Uninitialized Use in Video
• CVE-2026-11697: Insufficient validation of untrusted input in UI
• CVE-2026-11698: Use after free in Bluetooth
• CVE-2026-11699: Use after free in Bluetooth
• CVE-2026-11700: Use after free in Tracing
• CVE-2026-11701: Insufficient validation of untrusted input in Guest View

Update to 149.0.7827.53

• fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309)

FEDORA-2026-3cce371bdf Packages in this update:

• perl-Config-IniFiles-3.001000-1.fc43

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-EPEL-2026-0e5f31b975 Packages in this update:

• perl-Config-IniFiles-3.001000-1.el10_2

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-EPEL-2026-525901a90e Packages in this update:

• perl-Config-IniFiles-3.001000-1.el9

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-EPEL-2026-5617bbdfc0 Packages in this update:

• perl-Config-IniFiles-3.001000-1.el8

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-2026-1c2676703e Packages in this update:

• perl-Config-IniFiles-3.001000-1.fc44

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-EPEL-2026-bf53806e4a Packages in this update:

• perl-Config-IniFiles-3.001000-1.el10_3

Update description:

Update to 3.001000, fixes CVE-2026-11527

FEDORA-2026-b33ba1aa06 Packages in this update:

• ldns-1.9.2-1.fc43

Update description:

Update to 1.9.2 for CVE-2026-10846

FEDORA-2026-1c6479b257 Packages in this update:

• ldns-1.9.2-1.fc44

Update description:

Update to 1.9.2 for CVE-2026-10846

Version:next-20260611 (linux-next) Released:2026-06-11

FEDORA-2026-f07b3548d4 Packages in this update:

• gh-2.94.0-1.fc44

Update description:

Update to 2.94.0

Update to 2.93.0

FEDORA-EPEL-2026-d82cb6262c Packages in this update:

• gh-2.94.0-1.el10_3

Update description:

Update to 2.94.0

Update to 2.93.0

FEDORA-EPEL-2026-46b506c7c2 Packages in this update:

• gh-2.94.0-1.el10_2

Update description:

Update to 2.94.0

Update to 2.93.0

FEDORA-EPEL-2026-d274f8045b Packages in this update:

• gh-2.94.0-1.el9

Update description:

Update to 2.94.0

Update to 2.93.0

Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints. An attacker could possibly execute arbitrary code on a Mistral worker and possibly extract sensitive data including service credentials from it.

FEDORA-EPEL-2026-9590d638c8 Packages in this update:

• chromium-149.0.7827.102-1.el10_2

Update description:

Update to 149.0.7827.102

• CVE-2026-11628: Use after free in Ozone
• CVE-2026-11629: Use after free in Ozone
• CVE-2026-11630: Use after free in File Input
• CVE-2026-11631: Use after free in Aura
• CVE-2026-11632: Use after free in TabStrip
• CVE-2026-11633: Use after free in Bluetooth
• CVE-2026-11634: Use after free in Gamepad
• CVE-2026-11635: Use after free in Bluetooth
• CVE-2026-11636: Use after free in Autofill
• CVE-2026-11637: Use after free in Views
• CVE-2026-11638: Use after free in Printing
• CVE-2026-11639: Use after free in Compositing
• CVE-2026-11640: Integer overflow in libyuv
• CVE-2026-11641: Use after free in Bluetooth
• CVE-2026-11642: Use after free in Web Apps
• CVE-2026-11643: Use after free in Proxy
• CVE-2026-11644: Use after free in Views
• CVE-2026-11645: Out of bounds memory access in V8
• CVE-2026-11646: Use after free in ViewTransitions
• CVE-2026-11647: Use after free in Printing
• CVE-2026-11648: Use after free in FullScreen
• CVE-2026-11649: Use after free in V8
• CVE-2026-11650: Use after free in V8
• CVE-2026-11651: Use after free in Network
• CVE-2026-11652: Use after free in Extensions
• CVE-2026-11653: Insufficient validation of untrusted input in Extensions
• CVE-2026-11654: Use after free in CameraCapture
• CVE-2026-11655: Integer overflow in Media
• CVE-2026-11656: Use after free in ServiceWorker
• CVE-2026-11657: Use after free in Payments
• CVE-2026-11658: Insufficient validation of untrusted input in Extensions
• CVE-2026-11659: Insufficient validation of untrusted input in UI
• CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11661: Use after free in Views
• CVE-2026-11662: Type Confusion in Bindings
• CVE-2026-11663: Use after free in Skia
• CVE-2026-11664: Use after free in Payments
• CVE-2026-11665: Out of bounds read in Dawn
• CVE-2026-11666: Insufficient validation of untrusted input in Input
• CVE-2026-11667: Out of bounds read in WebRTC
• CVE-2026-11668: Uninitialized Use in Codecs
• CVE-2026-11669: Integer overflow in Media
• CVE-2026-11670: Use after free in PDF
• CVE-2026-11671: Use after free in Navigation
• CVE-2026-11672: Out of bounds write in GPU
• CVE-2026-11673: Use after free in InterestGroups
• CVE-2026-11674: Use after free in Guest View
• CVE-2026-11675: Insufficient validation of untrusted input in Skia
• CVE-2026-11676: Insufficient validation of untrusted input in Dawn
• CVE-2026-11677: Race in Network
• CVE-2026-11678: Integer overflow in libyuv
• CVE-2026-11679: Use after free in Codecs
• CVE-2026-11680: Use after free in Media
• CVE-2026-11681: Use after free in Ozone
• CVE-2026-11682: Insufficient validation of untrusted input in Views
• CVE-2026-11683: Use after free in WebCodecs
• CVE-2026-11684: Insufficient policy enforcement in Network
• CVE-2026-11685: Insufficient data validation in MediaCapture
• CVE-2026-11686: Insufficient validation of untrusted input in Dawn
• CVE-2026-11687: Use after free in Dawn
• CVE-2026-11688: Object lifecycle issue in SVG
• CVE-2026-11689: Insufficient validation of untrusted input in Passwords
• CVE-2026-11690: Out of bounds read and write in Media
• CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
• CVE-2026-11692: Use after free in Read Anything
• CVE-2026-11693: Inappropriate implementation in Plugins
• CVE-2026-11694: Use after free in ServiceWorker
• CVE-2026-11695: Inappropriate implementation in Passwords
• CVE-2026-11696: Uninitialized Use in Video
• CVE-2026-11697: Insufficient validation of untrusted input in UI
• CVE-2026-11698: Use after free in Bluetooth
• CVE-2026-11699: Use after free in Bluetooth
• CVE-2026-11700: Use after free in Tracing
• CVE-2026-11701: Insufficient validation of untrusted input in Guest View