Aggregator

cef-144.0.11^chromium144.0.7559.96-1.fc43

Fedora Security Advisories
15 hours 28 minutes ago
FEDORA-2026-c5295ae3b9 Packages in this update:
  • cef-144.0.11^chromium144.0.7559.96-1.fc43
Update description:

Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 (rhbz#2432335)

  • CVE-2026-1220: Race in V8
  • CVE-2026-0899: Out of bounds memory access in V8
  • CVE-2026-0900: Inappropriate implementation in V8
  • CVE-2026-0901: Inappropriate implementation in Blink
  • CVE-2026-0902: Inappropriate implementation in V8
  • CVE-2026-0903: Insufficient validation of untrusted input in Downloads
  • CVE-2026-0904: Incorrect security UI in Digital Credentials
  • CVE-2026-0905: Insufficient policy enforcement in Network
  • CVE-2026-0906: Incorrect security UI
  • CVE-2026-0907: Incorrect security UI in Split View
  • CVE-2026-0908: Use after free in ANGLE

cef-144.0.11^chromium144.0.7559.96-1.fc42

Fedora Security Advisories
15 hours 37 minutes ago
FEDORA-2026-68ca733984 Packages in this update:
  • cef-144.0.11^chromium144.0.7559.96-1.fc42
Update description:

Update to cef-144.0.11+ge135be2 + chromium 144.0.7559.96 (rhbz#2432335)

  • CVE-2026-1220: Race in V8
  • CVE-2026-0899: Out of bounds memory access in V8
  • CVE-2026-0900: Inappropriate implementation in V8
  • CVE-2026-0901: Inappropriate implementation in Blink
  • CVE-2026-0902: Inappropriate implementation in V8
  • CVE-2026-0903: Insufficient validation of untrusted input in Downloads
  • CVE-2026-0904: Incorrect security UI in Digital Credentials
  • CVE-2026-0905: Insufficient policy enforcement in Network
  • CVE-2026-0906: Incorrect security UI
  • CVE-2026-0907: Incorrect security UI in Split View
  • CVE-2026-0908: Use after free in ANGLE

glibc-2.42-9.fc43

Fedora Security Advisories
19 hours 47 minutes ago
FEDORA-2026-205d532069 Packages in this update:
  • glibc-2.42-9.fc43
Update description:

This update switches the currency symbol for Bulgaria to the Euro.

Furthermore, it addresses several security vulnerabilities:

  • A crash when wordexp is used with WRDE_REUSE (CVE-2025-15281)
  • Information leakage from the stack if getnetbyaddr is called for the zero address (CVE-2026-0915)
  • An integer overflow in memalign and related functions if they are called with out-of-bounds size/alignment combinations (CVE-2026-0861)
  • LD_PROFILE is now ignored with a warning if LD_PROFILE_OUTPUT is not specified, rather than using the insecure /var/tmp default.

tar-1.35-8.fc44

Fedora Security Advisories
1 day 9 hours ago
FEDORA-2026-0895af5ebe Packages in this update:
  • tar-1.35-8.fc44
Update description:

Automatic update for tar-1.35-8.fc44.

Changelog * Wed Jan 21 2026 Pavel Cahyna <pcahyna@redhat.com> - 2:1.35-8 - Backport upstream fix for savannah bug 65838, commit 1e6ce98e (fedora#2427654) - added "padding with zeros" info message (#2089298) - do not report disk error as file shrank (#2089316) - upstream fix for savannah bug 64581, commit 51142180 (crash with TAR_OPTIONS) (fedora#2389217) - Backport fix for regression in the --no-overwrite-dir option Upstream commit 4e742fc8674064a9fa00d4483d06aca48d5b0463, discussed in https://www.mail-archive.com/bug-tar@gnu.org/msg06445.html - Backport upstream changes to jailify extraction directory Includes related gnulib changes to add openat2 Fixes CVE-2025-45582 (fedora#2380007)