Fedora Security Advisories

chromium-150.0.7871.114-1.el10_2

1 hour 38 minutes ago
FEDORA-EPEL-2026-4f9779f295 Packages in this update:
  • chromium-150.0.7871.114-1.el10_2
Update description:

Update to 150.0.7871.114

* CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms * CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation in Navigation

chromium-150.0.7871.114-1.fc44

1 hour 38 minutes ago
FEDORA-2026-7e82bf89f4 Packages in this update:
  • chromium-150.0.7871.114-1.fc44
Update description:

Update to 150.0.7871.114

* CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms * CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation in Navigation

chromium-150.0.7871.114-1.el9

1 hour 38 minutes ago
FEDORA-EPEL-2026-36fc7f58b7 Packages in this update:
  • chromium-150.0.7871.114-1.el9
Update description:

Update to 150.0.7871.114

* CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms * CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation in Navigation

chromium-150.0.7871.114-1.fc43

1 hour 41 minutes ago
FEDORA-2026-9a7d180869 Packages in this update:
  • chromium-150.0.7871.114-1.fc43
Update description:

Update to 150.0.7871.114

* CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms * CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation in Navigation

chromium-150.0.7871.114-1.el10_3

1 hour 41 minutes ago
FEDORA-EPEL-2026-df92eb1a58 Packages in this update:
  • chromium-150.0.7871.114-1.el10_3
Update description:

Update to 150.0.7871.114

* CVE-2026-15112: Use after free in Ozone * CVE-2026-15129: Use after free in Views * CVE-2026-15132: Uninitialized Use in V8 * CVE-2026-15133: Use after free in InterestGroups * CVE-2026-15108: Integer overflow in Extensions API * CVE-2026-15109: Uninitialized Use in ANGLE * CVE-2026-15110: Use after free in Extensions * CVE-2026-15111: Use after free in Views * CVE-2026-15113: Use after free in Autofill * CVE-2026-15114: Out of bounds read and write in Codecs * CVE-2026-15115: Insufficient validation of untrusted input in WebAppInstalls * CVE-2026-15116: Use after free in Actor * CVE-2026-15117: Use after free in Payments * CVE-2026-15118: Use after free in Input * CVE-2026-15119: Inappropriate implementation in GetUserMedia * CVE-2026-15120: Use after free in Core * CVE-2026-15121: Use after free in WebRTC * CVE-2026-15122: Insufficient validation of untrusted input in Codecs * CVE-2026-15123: Insufficient data validation in DOM * CVE-2026-15124: Insufficient policy enforcement in Passwords * CVE-2026-15125: Inappropriate implementation in Forms * CVE-2026-15126: Use after free in Forms * CVE-2026-15127: Inappropriate implementation in WebGL * CVE-2026-15128: Inappropriate implementation in Forms * CVE-2026-15130: Insufficient policy enforcement in Navigation * CVE-2026-15107: Use after free in IndexedDB * CVE-2026-15131: Insufficient data validation in Navigation

tmux-3.7b-3.fc43

14 hours 3 minutes ago
FEDORA-2026-7fa12630d5 Packages in this update:
  • tmux-3.7b-3.fc43
Update description:

fdf6afc update to 3.7b fixes rhbz#2498485

CHANGES FROM 3.7a TO 3.7b

  • Fix so that the end of a synchronized update again triggers a redraw.

CHANGES FROM 3.7 TO 3.7a

  • Fix crash in break-pane when no name is provided.

  • Scrollbar options are now cached rather than being looked up for every redraw (issue 5298).

  • Only forbid #( in names, allow #[, empty names, : and .

tmux-3.7b-2.fc44

14 hours 3 minutes ago
FEDORA-2026-f5dd9fb83f Packages in this update:
  • tmux-3.7b-2.fc44
Update description:

fdf6afc update to 3.7b fixes rhbz#2498485

CHANGES FROM 3.7a TO 3.7b

  • Fix so that the end of a synchronized update again triggers a redraw.

CHANGES FROM 3.7 TO 3.7a

  • Fix crash in break-pane when no name is provided.

  • Scrollbar options are now cached rather than being looked up for every redraw (issue 5298).

  • Only forbid #( in names, allow #[, empty names, : and .

sssd-2.12.0-3.fc43

15 hours 10 minutes ago
FEDORA-2026-9ab663dcd4 Packages in this update:
  • sssd-2.12.0-3.fc43
Update description:

CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476 - rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process - rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass - rhbz#2497651: CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation

sssd-2.13.1-2.fc44

16 hours 6 minutes ago
FEDORA-2026-5acfb0243b Packages in this update:
  • sssd-2.13.1-2.fc44
Update description:

CVE fixes: CVE-2026-12610 CVE-2026-14474 CVE-2026-14476 - rhbz#2494777: CVE-2026-12610 sssd: Use-after-free crash in SSSD' 'sssd_pam' process - rhbz#2497650: CVE-2026-14476 sssd: sssd: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass - rhbz#2497651: CVE-2026-14474 sssd: sssd: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege escalation

ruby-3.4.10-31.fc43

21 hours 12 minutes ago
FEDORA-2026-7b7c2b373e Packages in this update:
  • ruby-3.4.10-31.fc43
Update description:

Ruby 3.4.10 is released. This new version contains severay security bug fixes in zlib, net-imap and erb..

attr-2.6.0-1.fc45

23 hours 40 minutes ago
FEDORA-2026-c7aafa6056 Packages in this update:
  • attr-2.6.0-1.fc45
Update description:

Automatic update for attr-2.6.0-1.fc45.

Changelog * Thu Jul 9 2026 Lukáš Zaoral <lzaoral@redhat.com> - 2.6.0-1 - rebase to the latest upstream release (rhbz#2494157) - CVE-2026-54371 - Symlink Traversal Privilege Escalation via getfattr (rhbz#2494172) - remove a long-overdue workaround for /usr/include/attr/xattr.h

acl-2.4.0-1.fc44

1 day 1 hour ago
FEDORA-2026-6b9a652463 Packages in this update:
  • acl-2.4.0-1.fc44
Update description:
  • rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370

Resolves: CVE-2026-54369 Resolves: CVE-2026-54370

acl-2.4.0-1.fc43

1 day 1 hour ago
FEDORA-2026-67504c329b Packages in this update:
  • acl-2.4.0-1.fc43
Update description:
  • rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370

Resolves: CVE-2026-54369 Resolves: CVE-2026-54370

Checked
2 minutes 33 seconds ago