Fedora Security Advisories

avr-binutils-2.45-4.fc43.1

Fedora Security Advisories
5 days 6 hours ago
FEDORA-2026-10cccbf560 Packages in this update:
  • avr-binutils-2.45-4.fc43.1
Update description:
  • fix CVE-2025-11083: heap-based overflow
  • fix CVE-2025-11082: heap-based overflow
  • fix CVE-2025-11081: out-of-bounds read

avr-binutils-2.45-4.fc42.1

Fedora Security Advisories
5 days 6 hours ago
FEDORA-2026-405dab5af2 Packages in this update:
  • avr-binutils-2.45-4.fc42.1
Update description:
  • fix CVE-2025-11083: heap-based overflow
  • fix CVE-2025-11082: heap-based overflow
  • fix CVE-2025-11081: out-of-bounds read

cef-145.0.25^chromium145.0.7632.75-4.fc44

Fedora Security Advisories
1 week ago
FEDORA-2026-376794abc1 Packages in this update:
  • cef-145.0.25^chromium145.0.7632.75-4.fc44
Update description:

Update to cef-145.0.25 + chromium 145.0.7632.75

  • CVE-2026-1861: Heap buffer overflow in libvpx
  • CVE-2026-1862: Type Confusion in V8
  • CVE-2026-2313: Use after free in CSS
  • CVE-2026-2314: Heap buffer overflow in Codecs
  • CVE-2026-2315: Inappropriate implementation in WebGPU
  • CVE-2026-2316: Insufficient policy enforcement in Frames
  • CVE-2026-2317: Inappropriate implementation in Animation
  • CVE-2026-2318: Inappropriate implementation in PictureInPicture
  • CVE-2026-2319: Race in DevTools
  • CVE-2026-2320: Inappropriate implementation in File input
  • CVE-2026-2321: Use after free in Ozone
  • CVE-2026-2322: Inappropriate implementation in File input
  • CVE-2026-2323: Inappropriate implementation in Downloads
  • CVE-2026-2441: Use after free in CSS

cef-145.0.25^chromium145.0.7632.75-4.fc42

Fedora Security Advisories
1 week ago
FEDORA-2026-a48b5f36ec Packages in this update:
  • cef-145.0.25^chromium145.0.7632.75-4.fc42
Update description:

Update to cef-145.0.25 + chromium 145.0.7632.75

  • CVE-2026-1861: Heap buffer overflow in libvpx
  • CVE-2026-1862: Type Confusion in V8
  • CVE-2026-2313: Use after free in CSS
  • CVE-2026-2314: Heap buffer overflow in Codecs
  • CVE-2026-2315: Inappropriate implementation in WebGPU
  • CVE-2026-2316: Insufficient policy enforcement in Frames
  • CVE-2026-2317: Inappropriate implementation in Animation
  • CVE-2026-2318: Inappropriate implementation in PictureInPicture
  • CVE-2026-2319: Race in DevTools
  • CVE-2026-2320: Inappropriate implementation in File input
  • CVE-2026-2321: Use after free in Ozone
  • CVE-2026-2322: Inappropriate implementation in File input
  • CVE-2026-2323: Inappropriate implementation in Downloads
  • CVE-2026-2441: Use after free in CSS

cef-145.0.25^chromium145.0.7632.75-4.fc43

Fedora Security Advisories
1 week ago
FEDORA-2026-0bced5158d Packages in this update:
  • cef-145.0.25^chromium145.0.7632.75-4.fc43
Update description:

Update to cef-145.0.25 + chromium 145.0.7632.75

  • CVE-2026-1861: Heap buffer overflow in libvpx
  • CVE-2026-1862: Type Confusion in V8
  • CVE-2026-2313: Use after free in CSS
  • CVE-2026-2314: Heap buffer overflow in Codecs
  • CVE-2026-2315: Inappropriate implementation in WebGPU
  • CVE-2026-2316: Insufficient policy enforcement in Frames
  • CVE-2026-2317: Inappropriate implementation in Animation
  • CVE-2026-2318: Inappropriate implementation in PictureInPicture
  • CVE-2026-2319: Race in DevTools
  • CVE-2026-2320: Inappropriate implementation in File input
  • CVE-2026-2321: Use after free in Ozone
  • CVE-2026-2322: Inappropriate implementation in File input
  • CVE-2026-2323: Inappropriate implementation in Downloads
  • CVE-2026-2441: Use after free in CSS

python-django4.2-4.2.28-1.el9

Fedora Security Advisories
1 week 1 day ago
FEDORA-EPEL-2026-e4c468db6d Packages in this update:
  • python-django4.2-4.2.28-1.el9
Update description:
  • Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
  • Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
  • Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
  • Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
  • Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
  • Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation

python-django4.2-4.2.28-1.fc42

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-ca3d81129a Packages in this update:
  • python-django4.2-4.2.28-1.fc42
Update description:
  • Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
  • Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
  • Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
  • Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
  • Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
  • Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation

python-django5-5.2.11-1.fc43

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-3adb735295 Packages in this update:
  • python-django5-5.2.11-1.fc43
Update description:
  • Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
  • Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
  • Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
  • Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
  • Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
  • Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
  • Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL
  • Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting

python-django5-5.2.11-1.fc42

Fedora Security Advisories
1 week 1 day ago
FEDORA-2026-00b5bf3150 Packages in this update:
  • python-django5-5.2.11-1.fc42
Update description:
  • Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
  • Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
  • Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
  • Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
  • Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
  • Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
  • Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL
  • Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting
Checked
15 minutes 25 seconds ago
URL
https://bodhi.fedoraproject.org/rss/updates/?type=security