netatalk-4.4.3-1.fc43
FEDORA-2026-9fd50b2ff1
Packages in this update:
- netatalk-4.4.3-1.fc43
4.4.3 Release
Fedora Security Advisories
netatalk-4.4.3-1.fc44
FEDORA-2026-e7e7bb2417
Packages in this update:
- netatalk-4.4.3-1.fc44
4.4.3 Release
libssh2-1.11.1-6.el9
FEDORA-EPEL-2026-e7b8776a02
Packages in this update:
- libssh2-1.11.1-6.el9
This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.
libssh2-1.11.1-6.el10_2
FEDORA-EPEL-2026-afcb3443a1
Packages in this update:
- libssh2-1.11.1-6.el10_2
This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.
libssh2-1.11.1-6.el10_3
FEDORA-EPEL-2026-afd26ad447
Packages in this update:
- libssh2-1.11.1-6.el10_3
This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.
libssh2-1.11.1-6.fc43
FEDORA-2026-1b9134cdc9
Packages in this update:
- libssh2-1.11.1-6.fc43
This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.
libssh2-1.11.1-6.fc44
FEDORA-2026-f87ac8187c
Packages in this update:
- libssh2-1.11.1-6.fc44
This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password strings.
ffmpeg-7.1.4-1.el10_3
FEDORA-EPEL-2026-8794c31f20
Packages in this update:
- ffmpeg-7.1.4-1.el10_3
Latest bugfix release from 7.1 branch. Changelog: https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/d9633e6e2cbea53927c02f9c8762712551591b6a:/Changelog
Fixes:
- CVE-2025-10256
- CVE-2026-30997
- CVE-2026-40962
ffmpeg-5.1.9-1.el9
FEDORA-EPEL-2026-7e25a1d2ec
Packages in this update:
- ffmpeg-5.1.9-1.el9
Latest bugfix release from 5.1 branch. Changelog: https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/564e825f428c835670da3a9f31a4b49261481c25:/Changelog .
Fixes:
- CVE-2025-1594
- CVE-2025-7700
- CVE-2025-10256
- CVE-2025-22919
- CVE-2025-59728
- CVE-2025-59731
- CVE-2025-59732
- CVE-2025-59733
- CVE-2026-30997
- CVE-2026-40962
chromium-148.0.7778.178-1.el10_3
FEDORA-EPEL-2026-c0b39ff94f
Packages in this update:
- chromium-148.0.7778.178-1.el10_3
Update to 148.0.7778.178
- CVE-2026-9111: Use after free in WebRTC
- CVE-2026-9110: Inappropriate implementation in UI
- CVE-2026-9112: Use after free in GPU
- CVE-2026-9113: Out of bounds read in GPU
- CVE-2026-9114: Use after free in QUIC
- CVE-2026-9115: Insufficient policy enforcement in Service Worker
- CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
- CVE-2026-9117: Type Confusion in GFX
- CVE-2026-9118: Use after free in XR
- CVE-2026-9119: Heap buffer overflow in WebRTC
- CVE-2026-9120: Use after free in WebRTC
- CVE-2026-9126: Use after free in DOM
- CVE-2026-9121: Out of bounds read in GPU
- CVE-2026-9122: Out of bounds read in GPU
- CVE-2026-9123: Heap buffer overflow in Chromecast
- CVE-2026-9124: Insufficient validation of untrusted input in Input
chromium-148.0.7778.178-1.fc43
FEDORA-2026-b17799ac62
Packages in this update:
- chromium-148.0.7778.178-1.fc43
Update to 148.0.7778.178
- CVE-2026-9111: Use after free in WebRTC
- CVE-2026-9110: Inappropriate implementation in UI
- CVE-2026-9112: Use after free in GPU
- CVE-2026-9113: Out of bounds read in GPU
- CVE-2026-9114: Use after free in QUIC
- CVE-2026-9115: Insufficient policy enforcement in Service Worker
- CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
- CVE-2026-9117: Type Confusion in GFX
- CVE-2026-9118: Use after free in XR
- CVE-2026-9119: Heap buffer overflow in WebRTC
- CVE-2026-9120: Use after free in WebRTC
- CVE-2026-9126: Use after free in DOM
- CVE-2026-9121: Out of bounds read in GPU
- CVE-2026-9122: Out of bounds read in GPU
- CVE-2026-9123: Heap buffer overflow in Chromecast
- CVE-2026-9124: Insufficient validation of untrusted input in Input
Update to 148.0.7778.167
- CVE-2026-8509: Heap buffer overflow in WebML
- CVE-2026-8510: Integer overflow in Skia
- CVE-2026-8511: Use after free in UI
- CVE-2026-8512: Use after free in FileSystem
- CVE-2026-8513: Use after free in Input
- CVE-2026-8514: Use after free in Aura
- CVE-2026-8515: Use after free in HID
- CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
- CVE-2026-8517: Object lifecycle issue in WebShare
- CVE-2026-8518: Use after free in Blink
- CVE-2026-8519: Integer overflow in ANGLE
- CVE-2026-8520: Race in Payments
- CVE-2026-8521: Use after free in Tab Groups
- CVE-2026-8522: Use after free in Downloads
- CVE-2026-8523: Use after free in Mojo
- CVE-2026-8558: Out of bounds write in Fonts
- CVE-2026-8524: Out of bounds write in WebAudio
- CVE-2026-8525: Heap buffer overflow in ANGLE
- CVE-2026-8526: Out of bounds write in WebRTC
- CVE-2026-8527: Insufficient validation of untrusted input in Downloads
- CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
- CVE-2026-8529: Heap buffer overflow in Codecs
- CVE-2026-8530: Use after free in Network
- CVE-2026-8531: Heap buffer overflow in WebML
- CVE-2026-8532: Integer overflow in XML
- CVE-2026-8533: Use after free in Accessibility
- CVE-2026-8534: Integer overflow in GPU
- CVE-2026-8535: Out of bounds read in Media
- CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
- CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
- CVE-2026-8538: Insufficient validation of untrusted input in GPU
- CVE-2026-8539: Script injection in SanitizerAPI
- CVE-2026-8540: Type Confusion in V8
- CVE-2026-8541: Out of bounds read in UI
- CVE-2026-8542: Use after free in Core
- CVE-2026-8543: Out of bounds read in FileSystem
- CVE-2026-8544: Use after free in Media
- CVE-2026-8545: Object corruption in Compositing
- CVE-2026-8546: Out of bounds read in GPU
- CVE-2026-8547: Insufficient policy enforcement in Passwords
- CVE-2026-8548: Out of bounds write in Media
- CVE-2026-8549: Use after free in Media
- CVE-2026-8550: Use after free in Google Lens
- CVE-2026-8551: Use after free in Downloads
- CVE-2026-8552: Heap buffer overflow in GPU
- CVE-2026-8553: Use after free in GPU
- CVE-2026-8554: Type Confusion in ANGLE
- CVE-2026-8555: Use after free in GTK
- CVE-2026-8556: Inappropriate implementation in ANGLE
- CVE-2026-8557: Use after free in Accessibility
- CVE-2026-8559: Integer overflow in Internationalization
- CVE-2026-8560: Heap buffer overflow in SwiftShader
- CVE-2026-8561: Incorrect security UI in Fullscreen
- CVE-2026-8562: Side-channel information leakage in Navigation
- CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
- CVE-2026-8564: Incorrect security UI in Downloads
- CVE-2026-8565: Inappropriate implementation in Downloads
- CVE-2026-8566: Insufficient policy enforcement in Payments
- CVE-2026-8567: Integer overflow in ANGLE
- CVE-2026-8568: Insufficient policy enforcement in AI
- CVE-2026-8569: Out of bounds write in Codecs
- CVE-2026-8570: Type Confusion in V8
- CVE-2026-8571: Insufficient policy enforcement in GPU
- CVE-2026-8572: Insufficient policy enforcement in Network
- CVE-2026-8573: Integer overflow in Codecs
- CVE-2026-8574: Use after free in Core
- CVE-2026-8575: Use after free in UI
- CVE-2026-8576: Inappropriate implementation in CORS
- CVE-2026-8577: Integer overflow in Fonts
- CVE-2026-8578: Out of bounds read in GPU
- CVE-2026-8579: Insufficient validation of untrusted input in Skia
- CVE-2026-8580: Use after free in Mojo
- CVE-2026-8581: Use after free in GPU
- CVE-2026-8582: Object lifecycle issue in Dawn
- CVE-2026-8583: Insufficient policy enforcement in WebXR
- CVE-2026-8584: Inappropriate implementation in Views
- CVE-2026-8585: Inappropriate implementation in Media
- CVE-2026-8586: Inappropriate implementation in Chromoting
- CVE-2026-8587: Use after free in Extensions
chromium-148.0.7778.178-1.fc42
FEDORA-2026-e4f5923bae
Packages in this update:
- chromium-148.0.7778.178-1.fc42
Update to 148.0.7778.178
- CVE-2026-9111: Use after free in WebRTC
- CVE-2026-9110: Inappropriate implementation in UI
- CVE-2026-9112: Use after free in GPU
- CVE-2026-9113: Out of bounds read in GPU
- CVE-2026-9114: Use after free in QUIC
- CVE-2026-9115: Insufficient policy enforcement in Service Worker
- CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
- CVE-2026-9117: Type Confusion in GFX
- CVE-2026-9118: Use after free in XR
- CVE-2026-9119: Heap buffer overflow in WebRTC
- CVE-2026-9120: Use after free in WebRTC
- CVE-2026-9126: Use after free in DOM
- CVE-2026-9121: Out of bounds read in GPU
- CVE-2026-9122: Out of bounds read in GPU
- CVE-2026-9123: Heap buffer overflow in Chromecast
- CVE-2026-9124: Insufficient validation of untrusted input in Input
Update to 148.0.7778.167
- CVE-2026-8509: Heap buffer overflow in WebML
- CVE-2026-8510: Integer overflow in Skia
- CVE-2026-8511: Use after free in UI
- CVE-2026-8512: Use after free in FileSystem
- CVE-2026-8513: Use after free in Input
- CVE-2026-8514: Use after free in Aura
- CVE-2026-8515: Use after free in HID
- CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer
- CVE-2026-8517: Object lifecycle issue in WebShare
- CVE-2026-8518: Use after free in Blink
- CVE-2026-8519: Integer overflow in ANGLE
- CVE-2026-8520: Race in Payments
- CVE-2026-8521: Use after free in Tab Groups
- CVE-2026-8522: Use after free in Downloads
- CVE-2026-8523: Use after free in Mojo
- CVE-2026-8558: Out of bounds write in Fonts
- CVE-2026-8524: Out of bounds write in WebAudio
- CVE-2026-8525: Heap buffer overflow in ANGLE
- CVE-2026-8526: Out of bounds write in WebRTC
- CVE-2026-8527: Insufficient validation of untrusted input in Downloads
- CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation
- CVE-2026-8529: Heap buffer overflow in Codecs
- CVE-2026-8530: Use after free in Network
- CVE-2026-8531: Heap buffer overflow in WebML
- CVE-2026-8532: Integer overflow in XML
- CVE-2026-8533: Use after free in Accessibility
- CVE-2026-8534: Integer overflow in GPU
- CVE-2026-8535: Out of bounds read in Media
- CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode
- CVE-2026-8537: Insufficient policy enforcement in ViewTransitions
- CVE-2026-8538: Insufficient validation of untrusted input in GPU
- CVE-2026-8539: Script injection in SanitizerAPI
- CVE-2026-8540: Type Confusion in V8
- CVE-2026-8541: Out of bounds read in UI
- CVE-2026-8542: Use after free in Core
- CVE-2026-8543: Out of bounds read in FileSystem
- CVE-2026-8544: Use after free in Media
- CVE-2026-8545: Object corruption in Compositing
- CVE-2026-8546: Out of bounds read in GPU
- CVE-2026-8547: Insufficient policy enforcement in Passwords
- CVE-2026-8548: Out of bounds write in Media
- CVE-2026-8549: Use after free in Media
- CVE-2026-8550: Use after free in Google Lens
- CVE-2026-8551: Use after free in Downloads
- CVE-2026-8552: Heap buffer overflow in GPU
- CVE-2026-8553: Use after free in GPU
- CVE-2026-8554: Type Confusion in ANGLE
- CVE-2026-8555: Use after free in GTK
- CVE-2026-8556: Inappropriate implementation in ANGLE
- CVE-2026-8557: Use after free in Accessibility
- CVE-2026-8559: Integer overflow in Internationalization
- CVE-2026-8560: Heap buffer overflow in SwiftShader
- CVE-2026-8561: Incorrect security UI in Fullscreen
- CVE-2026-8562: Side-channel information leakage in Navigation
- CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox
- CVE-2026-8564: Incorrect security UI in Downloads
- CVE-2026-8565: Inappropriate implementation in Downloads
- CVE-2026-8566: Insufficient policy enforcement in Payments
- CVE-2026-8567: Integer overflow in ANGLE
- CVE-2026-8568: Insufficient policy enforcement in AI
- CVE-2026-8569: Out of bounds write in Codecs
- CVE-2026-8570: Type Confusion in V8
- CVE-2026-8571: Insufficient policy enforcement in GPU
- CVE-2026-8572: Insufficient policy enforcement in Network
- CVE-2026-8573: Integer overflow in Codecs
- CVE-2026-8574: Use after free in Core
- CVE-2026-8575: Use after free in UI
- CVE-2026-8576: Inappropriate implementation in CORS
- CVE-2026-8577: Integer overflow in Fonts
- CVE-2026-8578: Out of bounds read in GPU
- CVE-2026-8579: Insufficient validation of untrusted input in Skia
- CVE-2026-8580: Use after free in Mojo
- CVE-2026-8581: Use after free in GPU
- CVE-2026-8582: Object lifecycle issue in Dawn
- CVE-2026-8583: Insufficient policy enforcement in WebXR
- CVE-2026-8584: Inappropriate implementation in Views
- CVE-2026-8585: Inappropriate implementation in Media
- CVE-2026-8586: Inappropriate implementation in Chromoting
- CVE-2026-8587: Use after free in Extensions
chromium-148.0.7778.178-1.el9
FEDORA-EPEL-2026-d1c74ffb1b
Packages in this update:
- chromium-148.0.7778.178-1.el9
Update to 148.0.7778.178
- CVE-2026-9111: Use after free in WebRTC
- CVE-2026-9110: Inappropriate implementation in UI
- CVE-2026-9112: Use after free in GPU
- CVE-2026-9113: Out of bounds read in GPU
- CVE-2026-9114: Use after free in QUIC
- CVE-2026-9115: Insufficient policy enforcement in Service Worker
- CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
- CVE-2026-9117: Type Confusion in GFX
- CVE-2026-9118: Use after free in XR
- CVE-2026-9119: Heap buffer overflow in WebRTC
- CVE-2026-9120: Use after free in WebRTC
- CVE-2026-9126: Use after free in DOM
- CVE-2026-9121: Out of bounds read in GPU
- CVE-2026-9122: Out of bounds read in GPU
- CVE-2026-9123: Heap buffer overflow in Chromecast
- CVE-2026-9124: Insufficient validation of untrusted input in Input
chromium-148.0.7778.178-1.el10_2
FEDORA-EPEL-2026-9a7f44de0a
Packages in this update:
- chromium-148.0.7778.178-1.el10_2
Update to 148.0.7778.178
- CVE-2026-9111: Use after free in WebRTC
- CVE-2026-9110: Inappropriate implementation in UI
- CVE-2026-9112: Use after free in GPU
- CVE-2026-9113: Out of bounds read in GPU
- CVE-2026-9114: Use after free in QUIC
- CVE-2026-9115: Insufficient policy enforcement in Service Worker
- CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
- CVE-2026-9117: Type Confusion in GFX
- CVE-2026-9118: Use after free in XR
- CVE-2026-9119: Heap buffer overflow in WebRTC
- CVE-2026-9120: Use after free in WebRTC
- CVE-2026-9126: Use after free in DOM
- CVE-2026-9121: Out of bounds read in GPU
- CVE-2026-9122: Out of bounds read in GPU
- CVE-2026-9123: Heap buffer overflow in Chromecast
- CVE-2026-9124: Insufficient validation of untrusted input in Input
chromium-148.0.7778.178-1.fc44
FEDORA-2026-c758d44a9a
Packages in this update:
- chromium-148.0.7778.178-1.fc44
Update to 148.0.7778.178
- CVE-2026-9111: Use after free in WebRTC
- CVE-2026-9110: Inappropriate implementation in UI
- CVE-2026-9112: Use after free in GPU
- CVE-2026-9113: Out of bounds read in GPU
- CVE-2026-9114: Use after free in QUIC
- CVE-2026-9115: Insufficient policy enforcement in Service Worker
- CVE-2026-9116: Insufficient policy enforcement in ServiceWorker
- CVE-2026-9117: Type Confusion in GFX
- CVE-2026-9118: Use after free in XR
- CVE-2026-9119: Heap buffer overflow in WebRTC
- CVE-2026-9120: Use after free in WebRTC
- CVE-2026-9126: Use after free in DOM
- CVE-2026-9121: Out of bounds read in GPU
- CVE-2026-9122: Out of bounds read in GPU
- CVE-2026-9123: Heap buffer overflow in Chromecast
- CVE-2026-9124: Insufficient validation of untrusted input in Input
djvulibre-3.5.30-1.fc44
FEDORA-2026-956f05a733
Packages in this update:
- djvulibre-3.5.30-1.fc44
Update to 3.5.30.
djvulibre-3.5.30-1.fc42
FEDORA-2026-01aa80d160
Packages in this update:
- djvulibre-3.5.30-1.fc42
Update to 3.5.30.
djvulibre-3.5.30-1.fc43
FEDORA-2026-bfa185dbb3
Packages in this update:
- djvulibre-3.5.30-1.fc43
Update to 3.5.30.
kernel-6.19.14-108.fc42
FEDORA-2026-b9f338a467
Packages in this update:
- kernel-6.19.14-108.fc42
The 6.19.14-108 stable kernel update contains a couple if important security fixes.
xrdp-0.10.6-2.fc44
FEDORA-2026-9a3a98bc24
Packages in this update:
- xrdp-0.10.6-2.fc44
Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc.