Fedora Security Advisories

openssh-10.2p1-13.fc44

7 hours 33 minutes ago
FEDORA-2026-c9d8542bb3 Packages in this update:
  • openssh-10.2p1-13.fc44
Update description:
  • CVE-2026-59996: Fix remote glob result of ".." causing files to be placed in unintended parent directories when scp performs remote-to-remote copy via the local host
  • CVE-2026-60002: Fix use-after-free in cached hostkey during key re-exchange

openssh-10.0p1-11.fc43

7 hours 33 minutes ago
FEDORA-2026-169fd93089 Packages in this update:
  • openssh-10.0p1-11.fc43
Update description:
  • CVE-2026-59996: Fix remote glob result of ".." causing files to be placed in unintended parent directories when scp performs remote-to-remote copy via the local host
  • CVE-2026-60002: Fix use-after-free in cached hostkey during key re-exchange

moby-engine-29.6.2-1.fc43

8 hours 27 minutes ago
FEDORA-2026-64ca3441c3 Packages in this update:
  • moby-engine-29.6.2-1.fc43
Update description:
  • Update to release v29.6.2
  • Resolves: rhbz#2496437
  • Upstream security fixes
    • GHSA-hw3h-2gp9-cxpv
    • GHSA-qx3x-mv6r-52p6
    • GHSA-32pv-7hq5-qhwq
    • GHSA-g2h8-426c-7976
    • GHSA-388v-wmr2-g2v2

chromium-150.0.7871.124-1.el10_3

14 hours 51 minutes ago
FEDORA-EPEL-2026-012b021e70 Packages in this update:
  • chromium-150.0.7871.124-1.el10_3
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.el10_2

14 hours 51 minutes ago
FEDORA-EPEL-2026-3bd3da0297 Packages in this update:
  • chromium-150.0.7871.124-1.el10_2
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.fc43

14 hours 51 minutes ago
FEDORA-2026-32e3e23696 Packages in this update:
  • chromium-150.0.7871.124-1.fc43
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.el9

14 hours 51 minutes ago
FEDORA-EPEL-2026-72397f334b Packages in this update:
  • chromium-150.0.7871.124-1.el9
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

chromium-150.0.7871.124-1.fc44

14 hours 51 minutes ago
FEDORA-2026-7437330b17 Packages in this update:
  • chromium-150.0.7871.124-1.fc44
Update description:

Update to 150.0.7871.124

* CVE-2026-15764: Use after free in Ozone * CVE-2026-15765: Use after free in Ozone * CVE-2026-15766: Uninitialized Use in Skia * CVE-2026-15767: Heap buffer overflow in libyuv * CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas * CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming * CVE-2026-15770: Uninitialized Use in V8 * CVE-2026-15771: Insufficient validation of untrusted input in Media * CVE-2026-15772: Use after free in GPU * CVE-2026-15773: Use after free in Core * CVE-2026-15774: Use after free in Skia * CVE-2026-15775: Insufficient policy enforcement in V8 * CVE-2026-15776: Type Confusion in V8 * CVE-2026-15777: Use after free in UI * CVE-2026-15778: Insufficient validation of untrusted input in Navigation

moby-engine-29.6.2-1.fc44

18 hours 2 minutes ago
FEDORA-2026-70a4eeeab8 Packages in this update:
  • moby-engine-29.6.2-1.fc44
Update description:
  • Update to release v29.6.2
  • Resolves: rhbz#2496437
  • Upstream security fixes
    • GHSA-hw3h-2gp9-cxpv
    • GHSA-qx3x-mv6r-52p6
    • GHSA-32pv-7hq5-qhwq
    • GHSA-g2h8-426c-7976
    • GHSA-388v-wmr2-g2v2

python-django5-5.2.16-1.fc43

23 hours 53 minutes ago
FEDORA-2026-fbb9501b22 Packages in this update:
  • python-django5-5.2.16-1.fc43
Update description:

Update python-django5 to version 5.2.16

Fixes three low-severity CVEs

  • CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
  • CVE-2026-53877: Heap buffer over-read in GDALRaster
  • CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input

python-django5-5.2.16-1.fc44

23 hours 53 minutes ago
FEDORA-2026-595d35a4d1 Packages in this update:
  • python-django5-5.2.16-1.fc44
Update description:

Update python-django5 to version 5.2.16

Fixes three low-severity CVEs

  • CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
  • CVE-2026-53877: Heap buffer over-read in GDALRaster
  • CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input

moby-engine-29.6.2-1.fc45

23 hours 58 minutes ago
FEDORA-2026-3a690a88c2 Packages in this update:
  • moby-engine-29.6.2-1.fc45
Update description:

Automatic update for moby-engine-29.6.2-1.fc45.

Changelog * Thu Jul 16 2026 Bradley G Smith <bradley.g.smith@gmail.com> - 29.6.2-1 - Update to release v29.6.2 - Resolves: rhbz#2496437 - Upstream security fixes - - GHSA-hw3h-2gp9-cxpv - - GHSA-qx3x-mv6r-52p6 - - GHSA-32pv-7hq5-qhwq - - GHSA-g2h8-426c-7976 - - GHSA-388v-wmr2-g2v2 * Thu Jul 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 29.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_45_Mass_Rebuild
Checked
50 minutes 11 seconds ago