Fedora Security Advisories

7zip-26.01-1.el10_3

4 hours 22 minutes ago
FEDORA-EPEL-2026-52d18d8d5a
Packages in this update:
  • 7zip-26.01-1.el10_3
Update description:
  • Fixes CVE-2026-48092: Information disclosure in 32-bit builds
  • Fixes CVE-2026-48095: Arbitrary code execution in NTFS handler
  • Fixes CVE-2026-48101: Information disclosure in UEFI capsule parser
  • Fixes CVE-2026-48102: Information disclosure and DOS via crafted UDF image
  • Fixes CVE-2026-48103: Off-by-one buffer over-read in WIM archive handler
  • Fixes CVE-2026-48104: Uninitialized heap read in SquashFS archive handler
  • Fixes CVE-2026-48111: Off-by-one OOB read in UEFI firmware image parser
  • Fixes CVE-2026-48112: Heap-based buffer over-read in Ar handler BSD SYMDEF parser

7zip-26.01-1.el10_2

4 hours 22 minutes ago
FEDORA-EPEL-2026-8d909527ba
Packages in this update:
  • 7zip-26.01-1.el10_2
Update description:
  • Fixes CVE-2026-48092: Information disclosure in 32-bit builds
  • Fixes CVE-2026-48095: Arbitrary code execution in NTFS handler
  • Fixes CVE-2026-48101: Information disclosure in UEFI capsule parser
  • Fixes CVE-2026-48102: Information disclosure and DOS via crafted UDF image
  • Fixes CVE-2026-48103: Off-by-one buffer over-read in WIM archive handler
  • Fixes CVE-2026-48104: Uninitialized heap read in SquashFS archive handler
  • Fixes CVE-2026-48111: Off-by-one OOB read in UEFI firmware image parser
  • Fixes CVE-2026-48112: Heap-based buffer over-read in Ar handler BSD SYMDEF parser

7zip-26.01-1.fc43

4 hours 38 minutes ago
FEDORA-2026-f36864b408
Packages in this update:
  • 7zip-26.01-1.fc43
Update description:
  • Fixes CVE-2026-48092: Information disclosure in 32-bit builds
  • Fixes CVE-2026-48095: Arbitrary code execution in NTFS handler
  • Fixes CVE-2026-48101: Information disclosure in UEFI capsule parser
  • Fixes CVE-2026-48102: Information disclosure and DOS via crafted UDF image
  • Fixes CVE-2026-48103: Off-by-one buffer over-read in WIM archive handler
  • Fixes CVE-2026-48104: Uninitialized heap read in SquashFS archive handler
  • Fixes CVE-2026-48111: Off-by-one OOB read in UEFI firmware image parser
  • Fixes CVE-2026-48112: Heap-based buffer over-read in Ar handler BSD SYMDEF parser

7zip-26.01-1.fc44

4 hours 38 minutes ago
FEDORA-2026-4be7569210
Packages in this update:
  • 7zip-26.01-1.fc44
Update description:
  • Fixes CVE-2026-48092: Information disclosure in 32-bit builds
  • Fixes CVE-2026-48095: Arbitrary code execution in NTFS handler
  • Fixes CVE-2026-48101: Information disclosure in UEFI capsule parser
  • Fixes CVE-2026-48102: Information disclosure and DOS via crafted UDF image
  • Fixes CVE-2026-48103: Off-by-one buffer over-read in WIM archive handler
  • Fixes CVE-2026-48104: Uninitialized heap read in SquashFS archive handler
  • Fixes CVE-2026-48111: Off-by-one OOB read in UEFI firmware image parser
  • Fixes CVE-2026-48112: Heap-based buffer over-read in Ar handler BSD SYMDEF parser

buildah-1.44.0-1.fc45 containers-common-0.68.0-1.fc45 podman-6.0.0~rc1-1.fc45 skopeo-1.23.0-1.fc45

7 hours 28 minutes ago
FEDORA-2026-2419096432
Packages in this update:
  • buildah-1.44.0-1.fc45
  • containers-common-0.68.0-1.fc45
  • podman-6.0.0~rc1-1.fc45
  • skopeo-1.23.0-1.fc45
Update description:

Automatic update for buildah-1.44.0-1.fc45, podman-6.0.0~rc1-1.fc45, skopeo-1.23.0-1.fc45, containers-common-0.68.0-1.fc45.

Changelog for buildah
* Wed May 27 2026 Packit <hello@packit.dev> - 2:1.44.0-1
- Update to 1.44.0 upstream release

Changelog for podman
* Mon Jun 15 2026 Packit <hello@packit.dev> - 5:6.0.0~rc1-1
- Update to 6.0.0-rc1 upstream release
* Fri Jun 12 2026 Yaakov Selkowitz <yselkowi@redhat.com> - 5:5.8.2-2
- Rebuilt for openssl 4.0

Changelog for skopeo
* Tue May 26 2026 Packit <hello@packit.dev> - 1:1.23.0-1
- Update to 1.23.0 upstream release

Changelog for containers-common
* Thu May 21 2026 Packit <hello@packit.dev> - 5:0.68.0-1
- Update to 0.68.0 upstream release

sudo-1.9.17-13.p2.fc45

7 hours 40 minutes ago
FEDORA-2026-41453e7fa4
Packages in this update:
  • sudo-1.9.17-13.p2.fc45
Update description:

Automatic update for sudo-1.9.17-13.p2.fc45.

Changelog
* Mon Jun 15 2026 Alejandro López <allopez@redhat.com> - 1.9.17-12.p2
- Removed some unneeded build-time dependencies
* Mon Jun 15 2026 Alejandro López <allopez@redhat.com> - 1.9.17-11.p2
- Resolves: rhbz#2379016 - don't recommend sudo-python-plugins

perl-Crypt-DSA-1.17-30.el9

11 hours 12 minutes ago
FEDORA-EPEL-2026-abb2a8237d
Packages in this update:
  • perl-Crypt-DSA-1.17-30.el9
Update description:

This update prevents key material reuse for multiple signing events (CVE-2026-12205, CWE-323).

perl-Crypt-DSA-1.17-30.el8

11 hours 12 minutes ago
FEDORA-EPEL-2026-18f1bb66c7
Packages in this update:
  • perl-Crypt-DSA-1.17-30.el8
Update description:

This update prevents key material reuse for multiple signing events (CVE-2026-12205, CWE-323).

perl-Crypt-DSA-1.21-1.fc44

11 hours 19 minutes ago
FEDORA-2026-f4a6b0c635
Packages in this update:
  • perl-Crypt-DSA-1.21-1.fc44
Update description:

This update, to the current upstream release, prevents key material reuse for multiple signing events (CVE-2026-12205, CWE-323).

perl-Crypt-DSA-1.21-1.el10_3

11 hours 19 minutes ago
FEDORA-EPEL-2026-954ec464c6
Packages in this update:
  • perl-Crypt-DSA-1.21-1.el10_3
Update description:

This update, to the current upstream release, prevents key material reuse for multiple signing events (CVE-2026-12205, CWE-323).

perl-Crypt-DSA-1.21-1.el10_2

11 hours 19 minutes ago
FEDORA-EPEL-2026-027ffba596
Packages in this update:
  • perl-Crypt-DSA-1.21-1.el10_2
Update description:

This update, to the current upstream release, prevents key material reuse for multiple signing events (CVE-2026-12205, CWE-323).

perl-Crypt-DSA-1.21-1.fc43

11 hours 19 minutes ago
FEDORA-2026-5cf57e43e3
Packages in this update:
  • perl-Crypt-DSA-1.21-1.fc43
Update description:

This update, to the current upstream release, prevents key material reuse for multiple signing events (CVE-2026-12205, CWE-323).

perl-Crypt-DSA-1.21-1.fc45

12 hours 26 minutes ago
FEDORA-2026-cf622b92d7
Packages in this update:
  • perl-Crypt-DSA-1.21-1.fc45
Update description:

Automatic update for perl-Crypt-DSA-1.21-1.fc45.

Changelog
* Mon Jun 15 2026 Paul Howarth <paul@city-fan.org> - 1.21-1
- Update to 1.21
- Fixed key material reuse for multiple signing events (CVE-2026-12205, CWE-323)
- sign() reused the DSA nonce k across signatures (r and k^-1 were cached on the key and not regenerated), allowing private-key recovery from two signatures over different messages
- Now generates a fresh nonce per signature
- Keys used to sign more than once with an affected version should be considered compromised
* Fri Jun 12 2026 Yaakov Selkowitz <yselkowi@redhat.com> - 1.20-2
- Rebuilt for openssl 4.0

chromium-149.0.7827.114-1.fc44

15 hours 27 minutes ago
FEDORA-2026-59f46c195f
Packages in this update:
  • chromium-149.0.7827.114-1.fc44
Update description:

Update to 149.0.7827.114

  • CVE-2026-12007: Use after free Core
  • CVE-2026-12008: Use after free DigitalCredentials
  • CVE-2026-12009: Insufficient validation of untrusted input Accessibility
  • CVE-2026-12010: Heap buffer overflow GPU
  • CVE-2026-12011: Use after free WebMIDI
  • CVE-2026-12012: Use after free Network
  • CVE-2026-12013: Use after free Media
  • CVE-2026-12014: Use after free Cast
  • CVE-2026-12015: Use after free Autofill
  • CVE-2026-12016: Insufficient validation of untrusted input DevTools
  • CVE-2026-12017: Insufficient validation of untrusted input Extensions
  • CVE-2026-12018: Inappropriate implementation Mojo
  • CVE-2026-12019: Out of bounds write Codecs
  • CVE-2026-12020: Use after free Autofill
  • CVE-2026-12022: Race Safe Browsing
  • CVE-2026-12023: Use after free GPU
  • CVE-2026-12024: Insufficient policy enforcement DevTools
  • CVE-2026-12025: Insufficient validation of untrusted input Network
  • CVE-2026-12026: Out of bounds read Video
  • CVE-2026-12027: Insufficient policy enforcement Headless
  • CVE-2026-12028: Use after free GPU
  • CVE-2026-12029: Use after free Video
  • CVE-2026-12030: Heap buffer overflow GPU
  • CVE-2026-12031: Inappropriate implementation Views
  • CVE-2026-12032: Inappropriate implementation Passwords
  • CVE-2026-12033: Out of bounds read VideoCapture
  • CVE-2026-12034: Insufficient validation of untrusted input Linux Toolkit Theming
  • CVE-2026-12035: Use after free Views
  • Disable AI Mode settings

chromium-149.0.7827.114-1.el9

15 hours 27 minutes ago
FEDORA-EPEL-2026-dfe06d2851
Packages in this update:
  • chromium-149.0.7827.114-1.el9
Update description:

Update to 149.0.7827.114

  • CVE-2026-12007: Use after free Core
  • CVE-2026-12008: Use after free DigitalCredentials
  • CVE-2026-12009: Insufficient validation of untrusted input Accessibility
  • CVE-2026-12010: Heap buffer overflow GPU
  • CVE-2026-12011: Use after free WebMIDI
  • CVE-2026-12012: Use after free Network
  • CVE-2026-12013: Use after free Media
  • CVE-2026-12014: Use after free Cast
  • CVE-2026-12015: Use after free Autofill
  • CVE-2026-12016: Insufficient validation of untrusted input DevTools
  • CVE-2026-12017: Insufficient validation of untrusted input Extensions
  • CVE-2026-12018: Inappropriate implementation Mojo
  • CVE-2026-12019: Out of bounds write Codecs
  • CVE-2026-12020: Use after free Autofill
  • CVE-2026-12022: Race Safe Browsing
  • CVE-2026-12023: Use after free GPU
  • CVE-2026-12024: Insufficient policy enforcement DevTools
  • CVE-2026-12025: Insufficient validation of untrusted input Network
  • CVE-2026-12026: Out of bounds read Video
  • CVE-2026-12027: Insufficient policy enforcement Headless
  • CVE-2026-12028: Use after free GPU
  • CVE-2026-12029: Use after free Video
  • CVE-2026-12030: Heap buffer overflow GPU
  • CVE-2026-12031: Inappropriate implementation Views
  • CVE-2026-12032: Inappropriate implementation Passwords
  • CVE-2026-12033: Out of bounds read VideoCapture
  • CVE-2026-12034: Insufficient validation of untrusted input Linux Toolkit Theming
  • CVE-2026-12035: Use after free Views
  • Disable AI Mode settings

chromium-149.0.7827.114-1.el10_3

15 hours 27 minutes ago
FEDORA-EPEL-2026-5aeb8c1179
Packages in this update:
  • chromium-149.0.7827.114-1.el10_3
Update description:

Update to 149.0.7827.114

  • CVE-2026-12007: Use after free Core
  • CVE-2026-12008: Use after free DigitalCredentials
  • CVE-2026-12009: Insufficient validation of untrusted input Accessibility
  • CVE-2026-12010: Heap buffer overflow GPU
  • CVE-2026-12011: Use after free WebMIDI
  • CVE-2026-12012: Use after free Network
  • CVE-2026-12013: Use after free Media
  • CVE-2026-12014: Use after free Cast
  • CVE-2026-12015: Use after free Autofill
  • CVE-2026-12016: Insufficient validation of untrusted input DevTools
  • CVE-2026-12017: Insufficient validation of untrusted input Extensions
  • CVE-2026-12018: Inappropriate implementation Mojo
  • CVE-2026-12019: Out of bounds write Codecs
  • CVE-2026-12020: Use after free Autofill
  • CVE-2026-12022: Race Safe Browsing
  • CVE-2026-12023: Use after free GPU
  • CVE-2026-12024: Insufficient policy enforcement DevTools
  • CVE-2026-12025: Insufficient validation of untrusted input Network
  • CVE-2026-12026: Out of bounds read Video
  • CVE-2026-12027: Insufficient policy enforcement Headless
  • CVE-2026-12028: Use after free GPU
  • CVE-2026-12029: Use after free Video
  • CVE-2026-12030: Heap buffer overflow GPU
  • CVE-2026-12031: Inappropriate implementation Views
  • CVE-2026-12032: Inappropriate implementation Passwords
  • CVE-2026-12033: Out of bounds read VideoCapture
  • CVE-2026-12034: Insufficient validation of untrusted input Linux Toolkit Theming
  • CVE-2026-12035: Use after free Views
  • Disable AI Mode settings