Fedora Security Advisories

FEDORA-2026-ad9e109ad8 Packages in this update:

• xrdp-0.10.6-1.fc44

Update description:

Security fixes

• CVE-2026-32105
• CVE-2026-32107
• CVE-2026-32623
• CVE-2026-32624
• CVE-2026-33145
• CVE-2026-33516
• CVE-2026-33689
• CVE-2026-35512

New features

• Support for xorgxrdp bug fixes #249 and #342 (#3721)

Bug fixes

• Honour pass_shell_as_env setting only if user sets a shell (#3725)
• We no longer try to create a NULL authentication file when using VNC over UDS (#3727)
• Problems with the Brazilian ABNT2 keyboard mapping have been corrected (#3728 3736)
• A 'file exists' error when installing xrdp over an existing installation has been addressed (#3780)

FEDORA-2026-bb0e94c26c Packages in this update:

• python3.12-3.12.13-3.fc44

Update description:

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE-2026-3644, CVE-2026-4224

FEDORA-2026-f684007460 Packages in this update:

• python3.12-3.12.13-3.fc43

Update description:

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE-2026-3644, CVE-2026-4224

FEDORA-2026-30fbc5a8b2 Packages in this update:

• python3.12-3.12.13-3.fc42

Update description:

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE-2026-3644, CVE-2026-4224

FEDORA-2026-2dfcf9d705 Packages in this update:

• python3.12-3.12.13-3.fc45

Update description:

Automatic update for python3.12-3.12.13-3.fc45.

Changelog * Thu Apr 16 2026 Charalampos Stratakis <cstratak@redhat.com> - 3.12.13-3 - Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE-2026-3644, CVE-2026-4224 Resolves: rhbz#2444705, rhbz#2448189, rhbz#2448205, rhbz#2457942, rhbz#2458014, rhbz#2458222

FEDORA-2026-6e657e937a Packages in this update:

• python3.11-3.11.15-4.fc44

Update description:

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE 2026-3644, CVE-2026-4224

FEDORA-2026-952616f3d6 Packages in this update:

• python3.11-3.11.15-4.fc43

Update description:

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE 2026-3644, CVE-2026-4224

FEDORA-2026-dd34c4467b Packages in this update:

• python3.11-3.11.15-4.fc42

Update description:

Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE 2026-3644, CVE-2026-4224

FEDORA-EPEL-2026-aa4ed82378 Packages in this update:

• sleuthkit-4.15.0-2.el10_3

Update description:

Update to 4.15.0

FEDORA-EPEL-2026-dbd1189b1b Packages in this update:

• sleuthkit-4.15.0-3.el8

Update description:

Update to 4.15.0

FEDORA-2026-34454fdb74 Packages in this update:

• cups-2.4.17-1.fc42

Update description:

2.4.17 - security fixes for CVE-2026-39316, CVE-2026-39314, CVE-2026-34979, CVE-2026-34990, CVE-2026-27447, CVE-2026-34978

FEDORA-2026-82a2214b53 Packages in this update:

• cups-2.4.17-1.fc43

Update description:

2.4.17 - security fixes for CVE-2026-39316, CVE-2026-39314, CVE-2026-34979, CVE-2026-34990, CVE-2026-27447, CVE-2026-34978

FEDORA-2026-bce5853e95 Packages in this update:

• cups-2.4.17-1.fc44

Update description:

2.4.17 - security fixes for CVE-2026-39316, CVE-2026-39314, CVE-2026-34979, CVE-2026-34990, CVE-2026-27447, CVE-2026-34978

FEDORA-2026-7d1173fd68 Packages in this update:

• cups-2.4.17-1.fc45

Update description:

Automatic update for cups-2.4.17-1.fc45.

Changelog * Fri Apr 17 2026 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.4.17-1 - 2.4.17 (fedora#2456363, fedora#2456362, fedora#2454994, fedora#2454993, fedora#2454992, fedora#2454990)

FEDORA-2026-a5ba8297fd Packages in this update:

• python3.11-3.11.15-4.fc45

Update description:

Automatic update for python3.11-3.11.15-4.fc45.

Changelog * Fri Apr 17 2026 Charalampos Stratakis <cstratak@redhat.com> - 3.11.15-4 - Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE 2026-3644, CVE-2026-4224 Resolves: rhbz#2457941, rhbz#2458221, rhbz#2458013, rhbz#2444704, rhbz#2448188, rhbz#2448204 * Sat Apr 11 2026 Miro Hrončok <mhroncok@redhat.com> - 3.11.15-3 - Explicitly build with OpenSSL 3

FEDORA-2026-148e35657a Packages in this update:

• libcoap-4.3.5b-1.fc44

Update description:

Update to 4.3.5b

FEDORA-2026-0ce923a09d Packages in this update:

• libcoap-4.3.5b-1.fc43

Update description:

Update to 4.3.5b

FEDORA-2026-a8ee24f019 Packages in this update:

• libcoap-4.3.5b-1.fc42

Update description:

Update to 4.3.5b

FEDORA-2026-d3c82235d4 Packages in this update:

• chromium-147.0.7727.101-1.fc43

Update description:

Update to 147.0.7727.101

• Critical CVE-2026-6296: Heap buffer overflow in ANGLE
• Critical CVE-2026-6297: Use after free in Proxy
• Critical CVE-2026-6298: Heap buffer overflow in Skia
• Critical CVE-2026-6299: Use after free in Prerender
• Critical CVE-2026-6358: Use after free in XR
• High CVE-2026-6359: Use after free in Video
• High CVE-2026-6300: Use after free in CSS
• High CVE-2026-6301: Type Confusion in Turbofan
• High CVE-2026-6302: Use after free in Video
• High CVE-2026-6303: Use after free in Codecs
• High CVE-2026-6304: Use after free in Graphite
• High CVE-2026-6305: Heap buffer overflow in PDFium
• High CVE-2026-6306: Heap buffer overflow in PDFium
• High CVE-2026-6307: Type Confusion in Turbofan
• High CVE-2026-6308: Out of bounds read in Media
• High CVE-2026-6309: Use after free in Viz
• High CVE-2026-6360: Use after free in FileSystem
• High CVE-2026-6310: Use after free in Dawn
• High CVE-2026-6311: Uninitialized Use in Accessibility
• High CVE-2026-6312: Insufficient policy enforcement in Passwords
• High CVE-2026-6313: Insufficient policy enforcement in CORS
• High CVE-2026-6314: Out of bounds write in GPU
• High CVE-2026-6315: Use after free in Permissions
• High CVE-2026-6316: Use after free in Forms
• High CVE-2026-6361: Heap buffer overflow in PDFium
• High CVE-2026-6362: Use after free in Codecs
• High CVE-2026-6317: Use after free in Cast
• Medium CVE-2026-6363: Type Confusion in V8
• Medium CVE-2026-6318: Use after free in Codecs
• Medium CVE-2026-6319: Use after free in Payments
• Medium CVE-2026-6364: Out of bounds read in Skia

FEDORA-EPEL-2026-c7fa5f9be3 Packages in this update:

• chromium-147.0.7727.101-1.el10_2

Update description:

Update to 147.0.7727.101

• Critical CVE-2026-6296: Heap buffer overflow in ANGLE
• Critical CVE-2026-6297: Use after free in Proxy
• Critical CVE-2026-6298: Heap buffer overflow in Skia
• Critical CVE-2026-6299: Use after free in Prerender
• Critical CVE-2026-6358: Use after free in XR
• High CVE-2026-6359: Use after free in Video
• High CVE-2026-6300: Use after free in CSS
• High CVE-2026-6301: Type Confusion in Turbofan
• High CVE-2026-6302: Use after free in Video
• High CVE-2026-6303: Use after free in Codecs
• High CVE-2026-6304: Use after free in Graphite
• High CVE-2026-6305: Heap buffer overflow in PDFium
• High CVE-2026-6306: Heap buffer overflow in PDFium
• High CVE-2026-6307: Type Confusion in Turbofan
• High CVE-2026-6308: Out of bounds read in Media
• High CVE-2026-6309: Use after free in Viz
• High CVE-2026-6360: Use after free in FileSystem
• High CVE-2026-6310: Use after free in Dawn
• High CVE-2026-6311: Uninitialized Use in Accessibility
• High CVE-2026-6312: Insufficient policy enforcement in Passwords
• High CVE-2026-6313: Insufficient policy enforcement in CORS
• High CVE-2026-6314: Out of bounds write in GPU
• High CVE-2026-6315: Use after free in Permissions
• High CVE-2026-6316: Use after free in Forms
• High CVE-2026-6361: Heap buffer overflow in PDFium
• High CVE-2026-6362: Use after free in Codecs
• High CVE-2026-6317: Use after free in Cast
• Medium CVE-2026-6363: Type Confusion in V8
• Medium CVE-2026-6318: Use after free in Codecs
• Medium CVE-2026-6319: Use after free in Payments
• Medium CVE-2026-6364: Out of bounds read in Skia