python3.13-3.13.14-1.fc43
FEDORA-2026-2deb979d80
Packages in this update:
- python3.13-3.13.14-1.fc43
New Python release including bugfixes and security fixes.
Fedora Security Advisories
python3.13-3.13.14-1.fc44
FEDORA-2026-dfc9182263
Packages in this update:
- python3.13-3.13.14-1.fc44
New Python version including bugfixes and security fixes.
perl-Crypt-PBKDF2-0.261630-1.fc44
FEDORA-2026-5b12cc327e
Packages in this update:
- perl-Crypt-PBKDF2-0.261630-1.fc44
This update addresses a number of security issues:
- Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
- Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
- Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)
perl-Crypt-PBKDF2-0.261630-1.el10_3
FEDORA-EPEL-2026-02984212ed
Packages in this update:
- perl-Crypt-PBKDF2-0.261630-1.el10_3
This update addresses a number of security issues:
- Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
- Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
- Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)
perl-Crypt-PBKDF2-0.261630-1.el10_2
FEDORA-EPEL-2026-ee9885ce31
Packages in this update:
- perl-Crypt-PBKDF2-0.261630-1.el10_2
This update addresses a number of security issues:
- Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
- Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
- Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)
perl-Crypt-PBKDF2-0.261630-1.el9
FEDORA-EPEL-2026-c5b8fc5fd2
Packages in this update:
- perl-Crypt-PBKDF2-0.261630-1.el9
This update addresses a number of security issues:
- Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
- Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
- Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)
perl-Crypt-PBKDF2-0.261630-1.fc43
FEDORA-2026-e8231b773d
Packages in this update:
- perl-Crypt-PBKDF2-0.261630-1.fc43
This update addresses a number of security issues:
- Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641)
- Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin rand(), which is not cryptographically secure (CVE-2026-9638)
- Use a constant-time comparison in validate to avoid timing attacks (CVE-2017-20240)
python3-docs-3.14.6-1.fc43 python3.14-3.14.6-1.fc43
FEDORA-2026-b17b2a984a
Packages in this update:
- python3.14-3.14.6-1.fc43
- python3-docs-3.14.6-1.fc43
New Python release including bugfixes and security fixes.
frr-10.6.1-1.fc45 grout-0.16.0-1.fc45
FEDORA-2026-cb34486b1a
Packages in this update:
- frr-10.6.1-1.fc45
- grout-0.16.0-1.fc45
New version of frr and grout. I am keeping libyang to version 3 at the moment due to recommendations from https://github.com/FRRouting/frr/blob/master/doc/developer/building-libyang.rst. Once changes to build with libyang5 land, I will rebase libyang as well.
frr-10.6.1-1.fc44 grout-0.16.0-1.fc44
FEDORA-2026-28949d21e5
Packages in this update:
- frr-10.6.1-1.fc44
- grout-0.16.0-1.fc44
New version of frr and grout. I am keeping libyang to version 3 at the moment due to recommendations from https://github.com/FRRouting/frr/blob/master/doc/developer/building-libyang.rst. Once changes to build with libyang5 land, I will rebase libyang as well.
ansible-core-2.18.18~rc1-1.fc43
FEDORA-2026-f027f57724
Packages in this update:
- ansible-core-2.18.18~rc1-1.fc43
- Mitigates CVE-2026-11332 (rhbz#2485397)
ansible-core-2.20.7~rc1-1.fc44
FEDORA-2026-7f70f809f0
Packages in this update:
- ansible-core-2.20.7~rc1-1.fc44
- Mitigates CVE-2026-11332 (rhbz#2485397)
atril-1.26.4-1.el8
FEDORA-EPEL-2026-c0bb6674c7
Packages in this update:
- atril-1.26.4-1.el8
- epub: use g_strndup for parsing document path
- epub: validate epub content before parsing
- epub: Avoid crash when index list has extraneous entry
- fix a incompatible pointer type warning for gcc14
- Fix build with libxml2 2.12
- fix memleak
- pdf: Always use poppler_document_save to avoid data loss
- ev-application: Quote user-supplied strings in ev_spawn command line
atril-1.26.4-1.el9
FEDORA-EPEL-2026-abc540be8b
Packages in this update:
- atril-1.26.4-1.el9
- epub: use g_strndup for parsing document path
- epub: validate epub content before parsing
- epub: Avoid crash when index list has extraneous entry
- fix a incompatible pointer type warning for gcc14
- Fix build with libxml2 2.12
- fix memleak
- pdf: Always use poppler_document_save to avoid data loss
- ev-application: Quote user-supplied strings in ev_spawn command line
chromium-149.0.7827.102-1.fc44
FEDORA-2026-2debc85b3c
Packages in this update:
- chromium-149.0.7827.102-1.fc44
Update to 149.0.7827.102
- CVE-2026-11628: Use after free in Ozone
- CVE-2026-11629: Use after free in Ozone
- CVE-2026-11630: Use after free in File Input
- CVE-2026-11631: Use after free in Aura
- CVE-2026-11632: Use after free in TabStrip
- CVE-2026-11633: Use after free in Bluetooth
- CVE-2026-11634: Use after free in Gamepad
- CVE-2026-11635: Use after free in Bluetooth
- CVE-2026-11636: Use after free in Autofill
- CVE-2026-11637: Use after free in Views
- CVE-2026-11638: Use after free in Printing
- CVE-2026-11639: Use after free in Compositing
- CVE-2026-11640: Integer overflow in libyuv
- CVE-2026-11641: Use after free in Bluetooth
- CVE-2026-11642: Use after free in Web Apps
- CVE-2026-11643: Use after free in Proxy
- CVE-2026-11644: Use after free in Views
- CVE-2026-11645: Out of bounds memory access in V8
- CVE-2026-11646: Use after free in ViewTransitions
- CVE-2026-11647: Use after free in Printing
- CVE-2026-11648: Use after free in FullScreen
- CVE-2026-11649: Use after free in V8
- CVE-2026-11650: Use after free in V8
- CVE-2026-11651: Use after free in Network
- CVE-2026-11652: Use after free in Extensions
- CVE-2026-11653: Insufficient validation of untrusted input in Extensions
- CVE-2026-11654: Use after free in CameraCapture
- CVE-2026-11655: Integer overflow in Media
- CVE-2026-11656: Use after free in ServiceWorker
- CVE-2026-11657: Use after free in Payments
- CVE-2026-11658: Insufficient validation of untrusted input in Extensions
- CVE-2026-11659: Insufficient validation of untrusted input in UI
- CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
- CVE-2026-11661: Use after free in Views
- CVE-2026-11662: Type Confusion in Bindings
- CVE-2026-11663: Use after free in Skia
- CVE-2026-11664: Use after free in Payments
- CVE-2026-11665: Out of bounds read in Dawn
- CVE-2026-11666: Insufficient validation of untrusted input in Input
- CVE-2026-11667: Out of bounds read in WebRTC
- CVE-2026-11668: Uninitialized Use in Codecs
- CVE-2026-11669: Integer overflow in Media
- CVE-2026-11670: Use after free in PDF
- CVE-2026-11671: Use after free in Navigation
- CVE-2026-11672: Out of bounds write in GPU
- CVE-2026-11673: Use after free in InterestGroups
- CVE-2026-11674: Use after free in Guest View
- CVE-2026-11675: Insufficient validation of untrusted input in Skia
- CVE-2026-11676: Insufficient validation of untrusted input in Dawn
- CVE-2026-11677: Race in Network
- CVE-2026-11678: Integer overflow in libyuv
- CVE-2026-11679: Use after free in Codecs
- CVE-2026-11680: Use after free in Media
- CVE-2026-11681: Use after free in Ozone
- CVE-2026-11682: Insufficient validation of untrusted input in Views
- CVE-2026-11683: Use after free in WebCodecs
- CVE-2026-11684: Insufficient policy enforcement in Network
- CVE-2026-11685: Insufficient data validation in MediaCapture
- CVE-2026-11686: Insufficient validation of untrusted input in Dawn
- CVE-2026-11687: Use after free in Dawn
- CVE-2026-11688: Object lifecycle issue in SVG
- CVE-2026-11689: Insufficient validation of untrusted input in Passwords
- CVE-2026-11690: Out of bounds read and write in Media
- CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
- CVE-2026-11692: Use after free in Read Anything
- CVE-2026-11693: Inappropriate implementation in Plugins
- CVE-2026-11694: Use after free in ServiceWorker
- CVE-2026-11695: Inappropriate implementation in Passwords
- CVE-2026-11696: Uninitialized Use in Video
- CVE-2026-11697: Insufficient validation of untrusted input in UI
- CVE-2026-11698: Use after free in Bluetooth
- CVE-2026-11699: Use after free in Bluetooth
- CVE-2026-11700: Use after free in Tracing
- CVE-2026-11701: Insufficient validation of untrusted input in Guest View
chromium-149.0.7827.102-1.fc43
FEDORA-2026-c5c0986fb6
Packages in this update:
- chromium-149.0.7827.102-1.fc43
Update to 149.0.7827.102
- CVE-2026-11628: Use after free in Ozone
- CVE-2026-11629: Use after free in Ozone
- CVE-2026-11630: Use after free in File Input
- CVE-2026-11631: Use after free in Aura
- CVE-2026-11632: Use after free in TabStrip
- CVE-2026-11633: Use after free in Bluetooth
- CVE-2026-11634: Use after free in Gamepad
- CVE-2026-11635: Use after free in Bluetooth
- CVE-2026-11636: Use after free in Autofill
- CVE-2026-11637: Use after free in Views
- CVE-2026-11638: Use after free in Printing
- CVE-2026-11639: Use after free in Compositing
- CVE-2026-11640: Integer overflow in libyuv
- CVE-2026-11641: Use after free in Bluetooth
- CVE-2026-11642: Use after free in Web Apps
- CVE-2026-11643: Use after free in Proxy
- CVE-2026-11644: Use after free in Views
- CVE-2026-11645: Out of bounds memory access in V8
- CVE-2026-11646: Use after free in ViewTransitions
- CVE-2026-11647: Use after free in Printing
- CVE-2026-11648: Use after free in FullScreen
- CVE-2026-11649: Use after free in V8
- CVE-2026-11650: Use after free in V8
- CVE-2026-11651: Use after free in Network
- CVE-2026-11652: Use after free in Extensions
- CVE-2026-11653: Insufficient validation of untrusted input in Extensions
- CVE-2026-11654: Use after free in CameraCapture
- CVE-2026-11655: Integer overflow in Media
- CVE-2026-11656: Use after free in ServiceWorker
- CVE-2026-11657: Use after free in Payments
- CVE-2026-11658: Insufficient validation of untrusted input in Extensions
- CVE-2026-11659: Insufficient validation of untrusted input in UI
- CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
- CVE-2026-11661: Use after free in Views
- CVE-2026-11662: Type Confusion in Bindings
- CVE-2026-11663: Use after free in Skia
- CVE-2026-11664: Use after free in Payments
- CVE-2026-11665: Out of bounds read in Dawn
- CVE-2026-11666: Insufficient validation of untrusted input in Input
- CVE-2026-11667: Out of bounds read in WebRTC
- CVE-2026-11668: Uninitialized Use in Codecs
- CVE-2026-11669: Integer overflow in Media
- CVE-2026-11670: Use after free in PDF
- CVE-2026-11671: Use after free in Navigation
- CVE-2026-11672: Out of bounds write in GPU
- CVE-2026-11673: Use after free in InterestGroups
- CVE-2026-11674: Use after free in Guest View
- CVE-2026-11675: Insufficient validation of untrusted input in Skia
- CVE-2026-11676: Insufficient validation of untrusted input in Dawn
- CVE-2026-11677: Race in Network
- CVE-2026-11678: Integer overflow in libyuv
- CVE-2026-11679: Use after free in Codecs
- CVE-2026-11680: Use after free in Media
- CVE-2026-11681: Use after free in Ozone
- CVE-2026-11682: Insufficient validation of untrusted input in Views
- CVE-2026-11683: Use after free in WebCodecs
- CVE-2026-11684: Insufficient policy enforcement in Network
- CVE-2026-11685: Insufficient data validation in MediaCapture
- CVE-2026-11686: Insufficient validation of untrusted input in Dawn
- CVE-2026-11687: Use after free in Dawn
- CVE-2026-11688: Object lifecycle issue in SVG
- CVE-2026-11689: Insufficient validation of untrusted input in Passwords
- CVE-2026-11690: Out of bounds read and write in Media
- CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
- CVE-2026-11692: Use after free in Read Anything
- CVE-2026-11693: Inappropriate implementation in Plugins
- CVE-2026-11694: Use after free in ServiceWorker
- CVE-2026-11695: Inappropriate implementation in Passwords
- CVE-2026-11696: Uninitialized Use in Video
- CVE-2026-11697: Insufficient validation of untrusted input in UI
- CVE-2026-11698: Use after free in Bluetooth
- CVE-2026-11699: Use after free in Bluetooth
- CVE-2026-11700: Use after free in Tracing
- CVE-2026-11701: Insufficient validation of untrusted input in Guest View
Update to 149.0.7827.53
- fix 429 CVEs ( CVE-2026-10881 through CVE-2026-11309)
perl-Config-IniFiles-3.001000-1.fc43
FEDORA-2026-3cce371bdf
Packages in this update:
- perl-Config-IniFiles-3.001000-1.fc43
Update to 3.001000, fixes CVE-2026-11527
perl-Config-IniFiles-3.001000-1.el10_2
FEDORA-EPEL-2026-0e5f31b975
Packages in this update:
- perl-Config-IniFiles-3.001000-1.el10_2
Update to 3.001000, fixes CVE-2026-11527
perl-Config-IniFiles-3.001000-1.el9
FEDORA-EPEL-2026-525901a90e
Packages in this update:
- perl-Config-IniFiles-3.001000-1.el9
Update to 3.001000, fixes CVE-2026-11527
perl-Config-IniFiles-3.001000-1.el8
FEDORA-EPEL-2026-5617bbdfc0
Packages in this update:
- perl-Config-IniFiles-3.001000-1.el8
Update to 3.001000, fixes CVE-2026-11527