22 minutes 2 seconds ago
FEDORA-2026-cc466cfb57
Packages in this update:
- chromium-146.0.7680.164-1.fc42
Update description:
Update to 146.0.7680.164
* High CVE-2026-4673: Heap buffer overflow in WebAudio
* High CVE-2026-4674: Out of bounds read in CSS
* High CVE-2026-4675: Heap buffer overflow in WebGL
* High CVE-2026-4676: Use after free in Dawn
* High CVE-2026-4677: Out of bounds read in WebAudio
* High CVE-2026-4678: Use after free in WebGPU
* High CVE-2026-4679: Integer overflow in Fonts
* High CVE-2026-4680: Use after free in FedCM
Update to 146.0.7680.153
* CVE-2026-4439: Out of bounds memory access in WebGL
* CVE-2026-4440: Out of bounds read and write in WebGL
* CVE-2026-4441: Use after free in Base
* CVE-2026-4442: Heap buffer overflow in CSS
* CVE-2026-4443: Heap buffer overflow in WebAudio
* CVE-2026-4444: Stack buffer overflow in WebRTC
* CVE-2026-4445: Use after free in WebRTC
* CVE-2026-4446: Use after free in WebRTC
* CVE-2026-4447: Inappropriate implementation in V8
* CVE-2026-4448: Heap buffer overflow in ANGLE
* CVE-2026-4449: Use after free in Blink
* CVE-2026-4450: Out of bounds write in V8
* CVE-2026-4451: Insufficient validation of untrusted input in Navigation
* CVE-2026-4452: Integer overflow in ANGLE
* CVE-2026-4453: Integer overflow in Dawn
* CVE-2026-4454: Use after free in Network
* CVE-2026-4455: Heap buffer overflow in PDFium
* CVE-2026-4456: Use after free in Digital Credentials API
* CVE-2026-4457: Type Confusion in V8
* CVE-2026-4458: Use after free in Extensions
* CVE-2026-4459: Out of bounds read and write in WebAudio
* CVE-2026-4460: Out of bounds read in Skia
* CVE-2026-4461: Inappropriate implementation in V8
* CVE-2026-4462: Out of bounds read in Blink
* CVE-2026-4463: Heap buffer overflow in WebRTC
* CVE-2026-4464: Integer overflow in ANGLE
22 minutes 2 seconds ago
FEDORA-2026-4d42fffb2b
Packages in this update:
- chromium-146.0.7680.164-1.fc44
Update description:
Update to 146.0.7680.164
* High CVE-2026-4673: Heap buffer overflow in WebAudio
* High CVE-2026-4674: Out of bounds read in CSS
* High CVE-2026-4675: Heap buffer overflow in WebGL
* High CVE-2026-4676: Use after free in Dawn
* High CVE-2026-4677: Out of bounds read in WebAudio
* High CVE-2026-4678: Use after free in WebGPU
* High CVE-2026-4679: Integer overflow in Fonts
* High CVE-2026-4680: Use after free in FedCM
22 minutes 3 seconds ago
FEDORA-2026-ad5b2b6b68
Packages in this update:
- chromium-146.0.7680.164-1.fc43
Update description:
Update to 146.0.7680.164
* High CVE-2026-4673: Heap buffer overflow in WebAudio
* High CVE-2026-4674: Out of bounds read in CSS
* High CVE-2026-4675: Heap buffer overflow in WebGL
* High CVE-2026-4676: Use after free in Dawn
* High CVE-2026-4677: Out of bounds read in WebAudio
* High CVE-2026-4678: Use after free in WebGPU
* High CVE-2026-4679: Integer overflow in Fonts
* High CVE-2026-4680: Use after free in FedCM
10 hours 53 minutes ago
10 hours 53 minutes ago
10 hours 53 minutes ago
12 hours 44 minutes ago
Youngsung Kim discovered that PJSIP did not properly parse numeric header
fields in SIP messages. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-16872)
Peter Koletzki discovered that PJSIP did not properly handle certain
connection requests. A remote attacker could possibly use this issue to
cause PJSIP to enter an unrecoverable state and reject further connections,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2017-16875)
Alfred Farrugia, Sandro Gauci, and Kevin Harwell discovered that PJSIP did
not properly parse certain SDP messages. A remote attacker could possibly
use this issue to cause PJSIP to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2018-1000098,
CVE-2018-1000099)
Lauri Vänskä discovered that PJSIP did not verify hostnames when reusing
TLS connections. If a remote attacker were able to intercept communication,
this flaw could possibly be exploited to view sensitive information.
(CVE-2020-15260)
It was discovered that PJSIP did not properly handle certain sequences of
SDP messages. A remote attacker could possibly use this issue to cause
PJSIP to crash, resulting in a denial of service. (CVE-2021-21375)
It was discovered that the SSL socket implementation in PJSIP contained a
race condition. A remote attacker could possibly use this issue to cause
PJSIP to crash, resulting in a denial of service. This issue was only
addressed in Ubuntu 18.04 LTS. (CVE-2021-32686)
It was discovered that PJSIP did not properly parse certain STUN messages.
A remote attacker could use this issue to cause PJSIP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2021-37706)
Uriya Yavnieli discovered that PJSIP did not properly manage memory under
certain conditions. A remote attacker could use this issue to cause PJSIP
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,
CVE-2021-43303)
It was discovered that PJSIP did not properly manage memory when processing
ICE session credentials. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2026-25994)
13 hours 53 minutes ago
FEDORA-2026-36594550b0
Packages in this update:
Update description:
Update to 2.52.0:
- Make text look like in other browsers by blending in linear color space.
- Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not.
- Improved composition scheduling to avoid blocking waiting for tile painting.
- Improved performance of accelerated 2D canvas by recording operations for batched replay.
- Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread.
- Enabled dynamic MSAA for accelerated 2D canvas rendering.
- Improved text rendering performance
- Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out.
- Added support for the Audio Output Devices API.
- Added API to handle WebXR permission requests.
- Added API to query the immersive session status.
- Added initial API for web extensions.
14 hours 31 minutes ago
FEDORA-2026-b4d393799a
Packages in this update:
Update description:
Fix CVE-2026-33056 (tar-rs 0.4.45); Closes rhbz#2449672
15 hours 8 minutes ago
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
16 hours 36 minutes ago
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- GPIO subsystem;
- GPU drivers;
- MMC subsystem;
- BTRFS file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- SMC sockets;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2022-49267,
CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215)
16 hours 47 minutes ago
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- GPIO subsystem;
- GPU drivers;
- MMC subsystem;
- BTRFS file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- SMC sockets;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2022-49267,
CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215)
17 hours 33 minutes ago
Version:next-20260324 (linux-next)
Released:2026-03-24
17 hours 41 minutes ago
FEDORA-2026-d62d7fe77e
Packages in this update:
Update description:
Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672
18 hours 25 minutes ago
FEDORA-2026-2fc36ddefe
Packages in this update:
Update description:
Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672
19 hours 55 minutes ago
Seunghyun Lee discovered that Redis incorrectly handled memory during
hyperloglog operations. An attacker could use this issue to cause a denial
of service, or possibly achieve remote code execution.
20 hours 6 minutes ago
FEDORA-2026-e14350a7de
Packages in this update:
- rust-rustls-webpki-0.103.10-1.fc44
Update description:
Update to version 0.103.10. Addresses RUSTSEC-2026-0049.
Update to version 0.103.9.
20 hours 6 minutes ago
FEDORA-EPEL-2026-1460f79f2c
Packages in this update:
- rust-rustls-webpki-0.103.10-1.el10_3
Update description:
Update to version 0.103.10. Addresses RUSTSEC-2026-0049.
Update to version 0.103.9.
20 hours 6 minutes ago
FEDORA-EPEL-2026-860e57b32b
Packages in this update:
- rust-rustls-webpki-0.103.10-1.el10_2
Update description:
Update to version 0.103.10. Addresses RUSTSEC-2026-0049.
Update to version 0.103.9.
20 hours 6 minutes ago
FEDORA-EPEL-2026-e6e6228edf
Packages in this update:
- rust-rustls-webpki-0.103.10-1.el9
Update description:
Update to version 0.103.10. Addresses RUSTSEC-2026-0049.
Update to version 0.103.9.
