Fedora Security Advisories

FEDORA-2026-e14350a7de Packages in this update:

• rust-rustls-webpki-0.103.10-1.fc44

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.

FEDORA-EPEL-2026-1460f79f2c Packages in this update:

• rust-rustls-webpki-0.103.10-1.el10_3

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.

FEDORA-EPEL-2026-860e57b32b Packages in this update:

• rust-rustls-webpki-0.103.10-1.el10_2

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.

FEDORA-EPEL-2026-e6e6228edf Packages in this update:

• rust-rustls-webpki-0.103.10-1.el9

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.

FEDORA-2026-efe3ef6f55 Packages in this update:

• rust-rustls-webpki-0.103.10-1.fc43

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.

FEDORA-2026-334414b5e8 Packages in this update:

• rust-rustls-webpki-0.103.10-1.fc42

Update description:

Update to version 0.103.10. Addresses RUSTSEC-2026-0049.

Update to version 0.103.9.

FEDORA-2026-6502cee6c2 Packages in this update:

• webkitgtk-2.52.0-1.fc44

Update description:

Update to 2.52.0:

• Make text look like in other browsers by blending in linear color space.
• Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not.
• Improved composition scheduling to avoid blocking waiting for tile painting.
• Improved performance of accelerated 2D canvas by recording operations for batched replay.
• Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread.
• Enabled dynamic MSAA for accelerated 2D canvas rendering.
• Improved text rendering performance
• Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out.
• Added support for the Audio Output Devices API.
• Added API to handle WebXR permission requests.
• Added API to query the immersive session status.
• Added initial API for web extensions.

• Make text look like in other browsers by blending in linear color space.
• Avoid composition for non visible layers with running animations.
• Fix several crashes and rendering issues.

• Fix PDF rendering broken by the accelerated 2D canvas performance improvements.
• Fix flickering while scrolling in some edge cases.
• Support for rotation and mirroring in internal WebCodecs encoder.
• System fallback font selection no longer takes style into account.
• Fix several crashes and rendering issues.

FEDORA-2026-431948187d Packages in this update:

• webkitgtk-2.52.0-1.fc43

Update description:

Update to 2.52.0:

• Make text look like in other browsers by blending in linear color space.
• Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not.
• Improved composition scheduling to avoid blocking waiting for tile painting.
• Improved performance of accelerated 2D canvas by recording operations for batched replay.
• Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread.
• Enabled dynamic MSAA for accelerated 2D canvas rendering.
• Improved text rendering performance
• Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out.
• Added support for the Audio Output Devices API.
• Added API to handle WebXR permission requests.
• Added API to query the immersive session status.
• Added initial API for web extensions.

FEDORA-EPEL-2026-0277a2c7b8 Packages in this update:

• rust-scx_rusty-0.5.4-8.el9

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-EPEL-2026-cd2104298b Packages in this update:

• rust-scx_rustland-0.0.3-8.el9

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-EPEL-2026-4648180b23 Packages in this update:

• rust-scx_layered-0.0.6-8.el9

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-57fce98ef9 Packages in this update:

• rust-sccache-0.12.0-4.fc42

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-6227013c47 Packages in this update:

• rust-scx_layered-0.0.6-8.fc42

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-3e4a2ef21b Packages in this update:

• rust-scx_rustland-0.0.3-8.fc42

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-66bd2898f2 Packages in this update:

• rust-scx_rusty-0.5.4-8.fc42

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-6ff037cd05 Packages in this update:

• rust-scx_rusty-0.5.4-8.fc43

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-51d92325e2 Packages in this update:

• rust-scx_rustland-0.0.3-8.fc43

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-2026-9aa04df1ea Packages in this update:

• rust-scx_layered-0.0.6-8.fc43

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-EPEL-2026-118c328366 Packages in this update:

• rust-cargo-c-0.10.14-3.el9

Update description:

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056

FEDORA-EPEL-2026-bc78883aa2 Packages in this update:

• chromium-146.0.7680.153-1.el10_3

Update description:

Update to 146.0.7680.153

* CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE