opensc-0.27.1-1.fc43
FEDORA-2026-4440b00e25
Packages in this update:
- opensc-0.27.1-1.fc43
New upstream release (#2442363) fixing various security issues:
Fedora Security Advisories
opensc-0.27.1-1.fc44
FEDORA-2026-8c5856afbb
Packages in this update:
- opensc-0.27.1-1.fc44
New upstream release (#2442363) fixing various security issues.
cef-146.0.9^chromium146.0.7680.164-1.fc42
FEDORA-2026-6188cc51be
Packages in this update:
- cef-146.0.9^chromium146.0.7680.164-1.fc42
Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164
- High CVE-2026-4673: Heap buffer overflow in WebAudio
- High CVE-2026-4674: Out of bounds read in CSS
- High CVE-2026-4675: Heap buffer overflow in WebGL
- High CVE-2026-4676: Use after free in Dawn
- High CVE-2026-4677: Out of bounds read in WebAudio
- High CVE-2026-4678: Use after free in WebGPU
- High CVE-2026-4679: Integer overflow in Fonts
- High CVE-2026-4680: Use after free in FedCM
- CVE-2026-4439: Out of bounds memory access in WebGL
- CVE-2026-4440: Out of bounds read and write in WebGL
- CVE-2026-4441: Use after free in Base
- CVE-2026-4442: Heap buffer overflow in CSS
- CVE-2026-4443: Heap buffer overflow in WebAudio
- CVE-2026-4444: Stack buffer overflow in WebRTC
- CVE-2026-4445: Use after free in WebRTC
- CVE-2026-4446: Use after free in WebRTC
- CVE-2026-4447: Inappropriate implementation in V8
- CVE-2026-4448: Heap buffer overflow in ANGLE
- CVE-2026-4449: Use after free in Blink
- CVE-2026-4450: Out of bounds write in V8
- CVE-2026-4451: Insufficient validation of untrusted input in Navigation
- CVE-2026-4452: Integer overflow in ANGLE
- CVE-2026-4453: Integer overflow in Dawn
- CVE-2026-4454: Use after free in Network
- CVE-2026-4455: Heap buffer overflow in PDFium
- CVE-2026-4456: Use after free in Digital Credentials API
- CVE-2026-4457: Type Confusion in V8
- CVE-2026-4458: Use after free in Extensions
- CVE-2026-4459: Out of bounds read and write in WebAudio
- CVE-2026-4460: Out of bounds read in Skia
- CVE-2026-4461: Inappropriate implementation in V8
- CVE-2026-4462: Out of bounds read in Blink
- CVE-2026-4463: Heap buffer overflow in WebRTC
- CVE-2026-4464: Integer overflow in ANGLE
- CVE-2026-3909: Out of bounds write in Ski
- CVE-2026-3909: Out of bounds write in Skia
- CVE-2026-3910: Inappropriate implementation in V8
- CVE-2026-3913: Heap buffer overflow in WebML
- CVE-2026-3914: Integer overflow in WebML
- CVE-2026-3915: Heap buffer overflow in WebML
- CVE-2026-3916: Out of bounds read in Web Speech
- CVE-2026-3917: Use after free in Agents
- CVE-2026-3909: Out of bounds write in Skia
- CVE-2026-3910: Inappropriate implementation in V8
- CVE-2026-3913: Heap buffer overflow in WebML
- CVE-2026-3914: Integer overflow in WebML
- CVE-2026-3915: Heap buffer overflow in WebML
- CVE-2026-3916: Out of bounds read in Web Speech
- CVE-2026-3917: Use after free in Agents
- CVE-2026-3918: Use after free in WebMCP
- CVE-2026-3919: Use after free in Extensions
- CVE-2026-3920: Out of bounds memory access in WebML
- CVE-2026-3921: Use after free in TextEncoding
- CVE-2026-3922: Use after free in MediaStream
- CVE-2026-3923: Use after free in WebMIDI
- CVE-2026-3924: Use after free in WindowDialog
- CVE-2026-3925: Incorrect security UI in LookalikeChecks
- CVE-2026-3926: Out of bounds read in V8
- CVE-2026-3927: Incorrect security UI in PictureInPicture
- CVE-2026-3928: Insufficient policy enforcement in Extensions
- CVE-2026-3929: Side-channel information leakage in ResourceTiming
- CVE-2026-3930: Unsafe navigation in Navigation
- CVE-2026-3931: Heap buffer overflow in Skia
- CVE-2026-3932: Insufficient policy enforcement in PDF
- CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
- CVE-2026-3935: Incorrect security UI in WebAppInstalls
- CVE-2026-3936: Use after free in WebView
- CVE-2026-3937: Incorrect security UI in Downloads
- CVE-2026-3938: Insufficient policy enforcement in Clipboard
- CVE-2026-3939: Insufficient policy enforcement in PDF
- CVE-2026-3940: Insufficient policy enforcement in DevTools
- CVE-2026-3941: Insufficient policy enforcement in DevTools
- CVE-2026-3942: Incorrect security UI in PictureInPicture
python-pydicom-3.0.2-1.fc42
FEDORA-2026-f89e555af4
Packages in this update:
- python-pydicom-3.0.2-1.fc42
Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root.
vim-9.2.272-1.fc44
FEDORA-2026-86867aff2e
Packages in this update:
- vim-9.2.272-1.fc44
Security fix for CVE-2026-34714
python-biopython-1.87-1.fc44
FEDORA-2026-4802a7dbd4
Packages in this update:
- python-biopython-1.87-1.fc44
- Release 1.87
python-biopython-1.87-1.fc43
FEDORA-2026-2953954ff3
Packages in this update:
- python-biopython-1.87-1.fc43
- Release 1.87
cef-146.0.9^chromium146.0.7680.164-1.fc43
FEDORA-2026-a67eba175f
Packages in this update:
- cef-146.0.9^chromium146.0.7680.164-1.fc43
Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164
- High CVE-2026-4673: Heap buffer overflow in WebAudio
- High CVE-2026-4674: Out of bounds read in CSS
- High CVE-2026-4675: Heap buffer overflow in WebGL
- High CVE-2026-4676: Use after free in Dawn
- High CVE-2026-4677: Out of bounds read in WebAudio
- High CVE-2026-4678: Use after free in WebGPU
- High CVE-2026-4679: Integer overflow in Fonts
- High CVE-2026-4680: Use after free in FedCM
- CVE-2026-4439: Out of bounds memory access in WebGL
- CVE-2026-4440: Out of bounds read and write in WebGL
- CVE-2026-4441: Use after free in Base
- CVE-2026-4442: Heap buffer overflow in CSS
- CVE-2026-4443: Heap buffer overflow in WebAudio
- CVE-2026-4444: Stack buffer overflow in WebRTC
- CVE-2026-4445: Use after free in WebRTC
- CVE-2026-4446: Use after free in WebRTC
- CVE-2026-4447: Inappropriate implementation in V8
- CVE-2026-4448: Heap buffer overflow in ANGLE
- CVE-2026-4449: Use after free in Blink
- CVE-2026-4450: Out of bounds write in V8
- CVE-2026-4451: Insufficient validation of untrusted input in Navigation
- CVE-2026-4452: Integer overflow in ANGLE
- CVE-2026-4453: Integer overflow in Dawn
- CVE-2026-4454: Use after free in Network
- CVE-2026-4455: Heap buffer overflow in PDFium
- CVE-2026-4456: Use after free in Digital Credentials API
- CVE-2026-4457: Type Confusion in V8
- CVE-2026-4458: Use after free in Extensions
- CVE-2026-4459: Out of bounds read and write in WebAudio
- CVE-2026-4460: Out of bounds read in Skia
- CVE-2026-4461: Inappropriate implementation in V8
- CVE-2026-4462: Out of bounds read in Blink
- CVE-2026-4463: Heap buffer overflow in WebRTC
- CVE-2026-4464: Integer overflow in ANGLE
- CVE-2026-3909: Out of bounds write in Ski
- CVE-2026-3909: Out of bounds write in Skia
- CVE-2026-3910: Inappropriate implementation in V8
- CVE-2026-3913: Heap buffer overflow in WebML
- CVE-2026-3914: Integer overflow in WebML
- CVE-2026-3915: Heap buffer overflow in WebML
- CVE-2026-3916: Out of bounds read in Web Speech
- CVE-2026-3917: Use after free in Agents
- CVE-2026-3909: Out of bounds write in Skia
- CVE-2026-3910: Inappropriate implementation in V8
- CVE-2026-3913: Heap buffer overflow in WebML
- CVE-2026-3914: Integer overflow in WebML
- CVE-2026-3915: Heap buffer overflow in WebML
- CVE-2026-3916: Out of bounds read in Web Speech
- CVE-2026-3917: Use after free in Agents
- CVE-2026-3918: Use after free in WebMCP
- CVE-2026-3919: Use after free in Extensions
- CVE-2026-3920: Out of bounds memory access in WebML
- CVE-2026-3921: Use after free in TextEncoding
- CVE-2026-3922: Use after free in MediaStream
- CVE-2026-3923: Use after free in WebMIDI
- CVE-2026-3924: Use after free in WindowDialog
- CVE-2026-3925: Incorrect security UI in LookalikeChecks
- CVE-2026-3926: Out of bounds read in V8
- CVE-2026-3927: Incorrect security UI in PictureInPicture
- CVE-2026-3928: Insufficient policy enforcement in Extensions
- CVE-2026-3929: Side-channel information leakage in ResourceTiming
- CVE-2026-3930: Unsafe navigation in Navigation
- CVE-2026-3931: Heap buffer overflow in Skia
- CVE-2026-3932: Insufficient policy enforcement in PDF
- CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
- CVE-2026-3935: Incorrect security UI in WebAppInstalls
- CVE-2026-3936: Use after free in WebView
- CVE-2026-3937: Incorrect security UI in Downloads
- CVE-2026-3938: Insufficient policy enforcement in Clipboard
- CVE-2026-3939: Insufficient policy enforcement in PDF
- CVE-2026-3940: Insufficient policy enforcement in DevTools
- CVE-2026-3941: Insufficient policy enforcement in DevTools
- CVE-2026-3942: Incorrect security UI in PictureInPicture
cef-146.0.9^chromium146.0.7680.164-1.fc44
FEDORA-2026-1d6da76bba
Packages in this update:
- cef-146.0.9^chromium146.0.7680.164-1.fc44
Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164
- High CVE-2026-4673: Heap buffer overflow in WebAudio
- High CVE-2026-4674: Out of bounds read in CSS
- High CVE-2026-4675: Heap buffer overflow in WebGL
- High CVE-2026-4676: Use after free in Dawn
- High CVE-2026-4677: Out of bounds read in WebAudio
- High CVE-2026-4678: Use after free in WebGPU
- High CVE-2026-4679: Integer overflow in Fonts
- High CVE-2026-4680: Use after free in FedCM
- CVE-2026-4439: Out of bounds memory access in WebGL
- CVE-2026-4440: Out of bounds read and write in WebGL
- CVE-2026-4441: Use after free in Base
- CVE-2026-4442: Heap buffer overflow in CSS
- CVE-2026-4443: Heap buffer overflow in WebAudio
- CVE-2026-4444: Stack buffer overflow in WebRTC
- CVE-2026-4445: Use after free in WebRTC
- CVE-2026-4446: Use after free in WebRTC
- CVE-2026-4447: Inappropriate implementation in V8
- CVE-2026-4448: Heap buffer overflow in ANGLE
- CVE-2026-4449: Use after free in Blink
- CVE-2026-4450: Out of bounds write in V8
- CVE-2026-4451: Insufficient validation of untrusted input in Navigation
- CVE-2026-4452: Integer overflow in ANGLE
- CVE-2026-4453: Integer overflow in Dawn
- CVE-2026-4454: Use after free in Network
- CVE-2026-4455: Heap buffer overflow in PDFium
- CVE-2026-4456: Use after free in Digital Credentials API
- CVE-2026-4457: Type Confusion in V8
- CVE-2026-4458: Use after free in Extensions
- CVE-2026-4459: Out of bounds read and write in WebAudio
- CVE-2026-4460: Out of bounds read in Skia
- CVE-2026-4461: Inappropriate implementation in V8
- CVE-2026-4462: Out of bounds read in Blink
- CVE-2026-4463: Heap buffer overflow in WebRTC
- CVE-2026-4464: Integer overflow in ANGLE
- CVE-2026-3909: Out of bounds write in Ski
- CVE-2026-3909: Out of bounds write in Skia
- CVE-2026-3910: Inappropriate implementation in V8
- CVE-2026-3913: Heap buffer overflow in WebML
- CVE-2026-3914: Integer overflow in WebML
- CVE-2026-3915: Heap buffer overflow in WebML
- CVE-2026-3916: Out of bounds read in Web Speech
- CVE-2026-3917: Use after free in Agents
- CVE-2026-3909: Out of bounds write in Skia
- CVE-2026-3910: Inappropriate implementation in V8
- CVE-2026-3913: Heap buffer overflow in WebML
- CVE-2026-3914: Integer overflow in WebML
- CVE-2026-3915: Heap buffer overflow in WebML
- CVE-2026-3916: Out of bounds read in Web Speech
- CVE-2026-3917: Use after free in Agents
- CVE-2026-3918: Use after free in WebMCP
- CVE-2026-3919: Use after free in Extensions
- CVE-2026-3920: Out of bounds memory access in WebML
- CVE-2026-3921: Use after free in TextEncoding
- CVE-2026-3922: Use after free in MediaStream
- CVE-2026-3923: Use after free in WebMIDI
- CVE-2026-3924: Use after free in WindowDialog
- CVE-2026-3925: Incorrect security UI in LookalikeChecks
- CVE-2026-3926: Out of bounds read in V8
- CVE-2026-3927: Incorrect security UI in PictureInPicture
- CVE-2026-3928: Insufficient policy enforcement in Extensions
- CVE-2026-3929: Side-channel information leakage in ResourceTiming
- CVE-2026-3930: Unsafe navigation in Navigation
- CVE-2026-3931: Heap buffer overflow in Skia
- CVE-2026-3932: Insufficient policy enforcement in PDF
- CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
- CVE-2026-3935: Incorrect security UI in WebAppInstalls
- CVE-2026-3936: Use after free in WebView
- CVE-2026-3937: Incorrect security UI in Downloads
- CVE-2026-3938: Insufficient policy enforcement in Clipboard
- CVE-2026-3939: Insufficient policy enforcement in PDF
- CVE-2026-3940: Insufficient policy enforcement in DevTools
- CVE-2026-3941: Insufficient policy enforcement in DevTools
- CVE-2026-3942: Incorrect security UI in PictureInPicture
perl-5.40.4-520.fc42 perl-Devel-Cover-1.44-7.fc42 perl-PAR-Packer-1.064-3.fc42 polymake-4.15-3.fc42
FEDORA-2026-58dd426edd
Packages in this update:
- perl-5.40.4-520.fc42
- perl-Devel-Cover-1.44-7.fc42
- perl-PAR-Packer-1.064-3.fc42
- polymake-4.15-3.fc42
Update for Perl 5.40.4
libcgif-0.5.2-2.fc44
FEDORA-2026-a9e11de877
Packages in this update:
- libcgif-0.5.2-2.fc44
fix potential undefined behavior in cgif_addframe CVE-2026-4985
libcgif-0.5.2-2.fc43
FEDORA-2026-a526fda5ec
Packages in this update:
- libcgif-0.5.2-2.fc43
fix potential undefined behavior in cgif_addframe CVE-2026-4985
libcgif-0.5.2-2.fc42
FEDORA-2026-7c2a9830d7
Packages in this update:
- libcgif-0.5.2-2.fc42
fix potential undefined behavior in cgif_addframe CVE-2026-4985
python-pydicom-3.0.2-1.fc43
FEDORA-2026-f5c971af6c
Packages in this update:
- python-pydicom-3.0.2-1.fc43
Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root.
python-pydicom-3.0.2-1.fc44
FEDORA-2026-9eecdef4e0
Packages in this update:
- python-pydicom-3.0.2-1.fc44
Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root.
roundcubemail-1.7~rc6-1.fc44
FEDORA-2026-6d293b6889
Packages in this update:
- roundcubemail-1.7~rc6-1.fc44
Version 1.7-rc6
This is hopefully the last release candidate for the next major version 1.7 of Roundcube Webmail. It provides a fix to recently reported security vulnerability:
- SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
We believe it is production ready, but we recommend to test it on a separate environment.
Migrate existing configs with either the installto.sh or the update.sh scripts.
And don't forget to backup your data before installing it!
CHANGELOG
- Added support for arrays in smtp_user and smtp_pass config options (#10083)
- Added system health checker CLI script (#10106)
- Stricter recognition of an Ajax request (#10118)
- Password: Added Stalwart driver (#10114)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
roundcubemail-1.6.15-1.el10_2
FEDORA-EPEL-2026-646aebe990
Packages in this update:
- roundcubemail-1.6.15-1.el10_2
Version 1.6.15
This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability:
- SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!
CHANGELOG
- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
roundcubemail-1.6.15-1.fc42
FEDORA-2026-051825ca18
Packages in this update:
- roundcubemail-1.6.15-1.fc42
Version 1.6.15
This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability:
- SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!
CHANGELOG
- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
roundcubemail-1.6.15-1.el10_1
FEDORA-EPEL-2026-82b702d826
Packages in this update:
- roundcubemail-1.6.15-1.el10_1
Version 1.6.15
This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability:
- SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!
CHANGELOG
- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke
roundcubemail-1.6.15-1.el10_3
FEDORA-EPEL-2026-f7a0d90857
Packages in this update:
- roundcubemail-1.6.15-1.el10_3
Version 1.6.15
This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security vulnerability:
- SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke, reported by class_nzm.
This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating!
CHANGELOG
- Fix regression where mail search would fail on non-ascii search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke