Fedora Security Advisories

• chromium-147.0.7727.137-1.el10_1

The updates include fixes for:

• Critical CVE-2026-7363: Use after free in Canvas
• Critical CVE-2026-7361: Use after free in iOS
• Critical CVE-2026-7344: Use after free in Accessibility
• Critical CVE-2026-7343: Use after free in Views
• High CVE-2026-7333: Use after free in GPU
• High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
• High CVE-2026-7359: Use after free in ANGLE
• High CVE-2026-7358: Use after free in Animation
• High CVE-2026-7334: Use after free in Views
• High CVE-2026-7357: Use after free in GPU
• High CVE-2026-7356: Use after free in Navigation
• High CVE-2026-7354: Out of bounds read and write in Angle
• High CVE-2026-7353: Heap buffer overflow in Skia
• High CVE-2026-7352: Use after free in Media
• High CVE-2026-7351: Race in MHTML
• High CVE-2026-7350: Use after free in WebMIDI
• High CVE-2026-7349: Use after free in Cast
• High CVE-2026-7348: Use after free in Codecs
• High CVE-2026-7335: Use after free in media
• High CVE-2026-7336: Use after free in WebRTC
• High CVE-2026-7337: Type Confusion in V8
• High CVE-2026-7347: Use after free in Chromoting
• High CVE-2026-7346: Inappropriate implementation in Tint
• High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
• High CVE-2026-7338: Use after free in Cast
• High CVE-2026-7342: Use after free in WebView
• High CVE-2026-7341: Use after free in WebRTC
• Medium CVE-2026-7339: Heap buffer overflow in WebRTC
• Medium CVE-2026-7340: Integer overflow in ANGLE
• Medium CVE-2026-7355: Use after free in Media

• chromium-147.0.7727.137-1.el9

The updates include fixes for:

• Critical CVE-2026-7363: Use after free in Canvas
• Critical CVE-2026-7361: Use after free in iOS
• Critical CVE-2026-7344: Use after free in Accessibility
• Critical CVE-2026-7343: Use after free in Views
• High CVE-2026-7333: Use after free in GPU
• High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
• High CVE-2026-7359: Use after free in ANGLE
• High CVE-2026-7358: Use after free in Animation
• High CVE-2026-7334: Use after free in Views
• High CVE-2026-7357: Use after free in GPU
• High CVE-2026-7356: Use after free in Navigation
• High CVE-2026-7354: Out of bounds read and write in Angle
• High CVE-2026-7353: Heap buffer overflow in Skia
• High CVE-2026-7352: Use after free in Media
• High CVE-2026-7351: Race in MHTML
• High CVE-2026-7350: Use after free in WebMIDI
• High CVE-2026-7349: Use after free in Cast
• High CVE-2026-7348: Use after free in Codecs
• High CVE-2026-7335: Use after free in media
• High CVE-2026-7336: Use after free in WebRTC
• High CVE-2026-7337: Type Confusion in V8
• High CVE-2026-7347: Use after free in Chromoting
• High CVE-2026-7346: Inappropriate implementation in Tint
• High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
• High CVE-2026-7338: Use after free in Cast
• High CVE-2026-7342: Use after free in WebView
• High CVE-2026-7341: Use after free in WebRTC
• Medium CVE-2026-7339: Heap buffer overflow in WebRTC
• Medium CVE-2026-7340: Integer overflow in ANGLE
• Medium CVE-2026-7355: Use after free in Media

• chromium-147.0.7727.137-1.el10_2

The updates include fixes for:

• Critical CVE-2026-7363: Use after free in Canvas
• Critical CVE-2026-7361: Use after free in iOS
• Critical CVE-2026-7344: Use after free in Accessibility
• Critical CVE-2026-7343: Use after free in Views
• High CVE-2026-7333: Use after free in GPU
• High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
• High CVE-2026-7359: Use after free in ANGLE
• High CVE-2026-7358: Use after free in Animation
• High CVE-2026-7334: Use after free in Views
• High CVE-2026-7357: Use after free in GPU
• High CVE-2026-7356: Use after free in Navigation
• High CVE-2026-7354: Out of bounds read and write in Angle
• High CVE-2026-7353: Heap buffer overflow in Skia
• High CVE-2026-7352: Use after free in Media
• High CVE-2026-7351: Race in MHTML
• High CVE-2026-7350: Use after free in WebMIDI
• High CVE-2026-7349: Use after free in Cast
• High CVE-2026-7348: Use after free in Codecs
• High CVE-2026-7335: Use after free in media
• High CVE-2026-7336: Use after free in WebRTC
• High CVE-2026-7337: Type Confusion in V8
• High CVE-2026-7347: Use after free in Chromoting
• High CVE-2026-7346: Inappropriate implementation in Tint
• High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
• High CVE-2026-7338: Use after free in Cast
• High CVE-2026-7342: Use after free in WebView
• High CVE-2026-7341: Use after free in WebRTC
• Medium CVE-2026-7339: Heap buffer overflow in WebRTC
• Medium CVE-2026-7340: Integer overflow in ANGLE
• Medium CVE-2026-7355: Use after free in Media

• proftpd-1.3.9a-1.fc44

Cumulative bug-fix release from upstream. Includes fix for a possible SQL-injection issue via mod_sql (CVE-2026-42167). Note that mod_sql is not enabled by default.

• proftpd-1.3.9a-1.el10_3

Cumulative bug-fix release from upstream. Includes fix for a possible SQL-injection issue via mod_sql (CVE-2026-42167). Note that mod_sql is not enabled by default.

• proftpd-1.3.9a-1.fc42

Cumulative bug-fix release from upstream. Includes fix for a possible SQL-injection issue via mod_sql (CVE-2026-42167). Note that mod_sql is not enabled by default.

• proftpd-1.3.9a-1.fc43

Cumulative bug-fix release from upstream. Includes fix for a possible SQL-injection issue via mod_sql (CVE-2026-42167). Note that mod_sql is not enabled by default.

• proftpd-1.3.9a-1.el10_1

Cumulative bug-fix release from upstream. Includes fix for a possible SQL-injection issue via mod_sql (CVE-2026-42167). Note that mod_sql is not enabled by default.

• proftpd-1.3.9a-1.el10_2

Cumulative bug-fix release from upstream. Includes fix for a possible SQL-injection issue via mod_sql (CVE-2026-42167). Note that mod_sql is not enabled by default.

• nodejs22-22.22.2-2.fc43

Update to version 22.22.2

• nodejs22-22.22.2-3.fc44

Update to version 22.22.2

• nano-8.5-3.fc43

• fix CVE-2026-6842 and CVE-29026-6843

Resolves: CVE-2026-6842 Resolves: CVE-2026-6843 Resolves: rhbz#2455127 Resolves: rhbz#2455314

• nano-8.7.1-2.fc44

• fix CVE-2026-6842 and CVE-29026-6843

Resolves: CVE-2026-6842 Resolves: CVE-2026-6843 Resolves: rhbz#2455127 Resolves: rhbz#2455314

• nano-8.3-4.fc42

• fix CVE-2026-6842 and CVE-29026-6843

Resolves: CVE-2026-6842 Resolves: CVE-2026-6843 Resolves: rhbz#2455127 Resolves: rhbz#2455314

• chromium-147.0.7727.137-1.fc44

The updates include fixes for:

• Critical CVE-2026-7363: Use after free in Canvas
• Critical CVE-2026-7361: Use after free in iOS
• Critical CVE-2026-7344: Use after free in Accessibility
• Critical CVE-2026-7343: Use after free in Views
• High CVE-2026-7333: Use after free in GPU
• High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
• High CVE-2026-7359: Use after free in ANGLE
• High CVE-2026-7358: Use after free in Animation
• High CVE-2026-7334: Use after free in Views
• High CVE-2026-7357: Use after free in GPU
• High CVE-2026-7356: Use after free in Navigation
• High CVE-2026-7354: Out of bounds read and write in Angle
• High CVE-2026-7353: Heap buffer overflow in Skia
• High CVE-2026-7352: Use after free in Media
• High CVE-2026-7351: Race in MHTML
• High CVE-2026-7350: Use after free in WebMIDI
• High CVE-2026-7349: Use after free in Cast
• High CVE-2026-7348: Use after free in Codecs
• High CVE-2026-7335: Use after free in media
• High CVE-2026-7336: Use after free in WebRTC
• High CVE-2026-7337: Type Confusion in V8
• High CVE-2026-7347: Use after free in Chromoting
• High CVE-2026-7346: Inappropriate implementation in Tint
• High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
• High CVE-2026-7338: Use after free in Cast
• High CVE-2026-7342: Use after free in WebView
• High CVE-2026-7341: Use after free in WebRTC
• Medium CVE-2026-7339: Heap buffer overflow in WebRTC
• Medium CVE-2026-7340: Integer overflow in ANGLE
• Medium CVE-2026-7355: Use after free in Media

• chromium-147.0.7727.137-1.fc43

The updates include fixes for:

• Critical CVE-2026-7363: Use after free in Canvas
• Critical CVE-2026-7361: Use after free in iOS
• Critical CVE-2026-7344: Use after free in Accessibility
• Critical CVE-2026-7343: Use after free in Views
• High CVE-2026-7333: Use after free in GPU
• High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
• High CVE-2026-7359: Use after free in ANGLE
• High CVE-2026-7358: Use after free in Animation
• High CVE-2026-7334: Use after free in Views
• High CVE-2026-7357: Use after free in GPU
• High CVE-2026-7356: Use after free in Navigation
• High CVE-2026-7354: Out of bounds read and write in Angle
• High CVE-2026-7353: Heap buffer overflow in Skia
• High CVE-2026-7352: Use after free in Media
• High CVE-2026-7351: Race in MHTML
• High CVE-2026-7350: Use after free in WebMIDI
• High CVE-2026-7349: Use after free in Cast
• High CVE-2026-7348: Use after free in Codecs
• High CVE-2026-7335: Use after free in media
• High CVE-2026-7336: Use after free in WebRTC
• High CVE-2026-7337: Type Confusion in V8
• High CVE-2026-7347: Use after free in Chromoting
• High CVE-2026-7346: Inappropriate implementation in Tint
• High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
• High CVE-2026-7338: Use after free in Cast
• High CVE-2026-7342: Use after free in WebView
• High CVE-2026-7341: Use after free in WebRTC
• Medium CVE-2026-7339: Heap buffer overflow in WebRTC
• Medium CVE-2026-7340: Integer overflow in ANGLE
• Medium CVE-2026-7355: Use after free in Media

• chromium-147.0.7727.137-1.fc42

The updates include fixes for:

• Critical CVE-2026-7363: Use after free in Canvas
• Critical CVE-2026-7361: Use after free in iOS
• Critical CVE-2026-7344: Use after free in Accessibility
• Critical CVE-2026-7343: Use after free in Views
• High CVE-2026-7333: Use after free in GPU
• High CVE-2026-7360: Insufficient validation of untrusted input in Compositing
• High CVE-2026-7359: Use after free in ANGLE
• High CVE-2026-7358: Use after free in Animation
• High CVE-2026-7334: Use after free in Views
• High CVE-2026-7357: Use after free in GPU
• High CVE-2026-7356: Use after free in Navigation
• High CVE-2026-7354: Out of bounds read and write in Angle
• High CVE-2026-7353: Heap buffer overflow in Skia
• High CVE-2026-7352: Use after free in Media
• High CVE-2026-7351: Race in MHTML
• High CVE-2026-7350: Use after free in WebMIDI
• High CVE-2026-7349: Use after free in Cast
• High CVE-2026-7348: Use after free in Codecs
• High CVE-2026-7335: Use after free in media
• High CVE-2026-7336: Use after free in WebRTC
• High CVE-2026-7337: Type Confusion in V8
• High CVE-2026-7347: Use after free in Chromoting
• High CVE-2026-7346: Inappropriate implementation in Tint
• High CVE-2026-7345: Insufficient validation of untrusted input in Feedback
• High CVE-2026-7338: Use after free in Cast
• High CVE-2026-7342: Use after free in WebView
• High CVE-2026-7341: Use after free in WebRTC
• Medium CVE-2026-7339: Heap buffer overflow in WebRTC
• Medium CVE-2026-7340: Integer overflow in ANGLE
• Medium CVE-2026-7355: Use after free in Media

• proftpd-1.3.8d-2.el9

This update fixes a potential SQL injection via mod_sql (CVE-2026-42167).

The mod_sql module is not enabled by default.

• xen-4.19.5-2.fc42

oxenstored keeps quota related use counts across domain destruction [XSA-483, CVE-2026-23556] Xenstored DoS via XS_RESET_WATCHES command [XSA-484, CVE-2026-23557] grant table v2 race in status page mapping [XSA-486, CVE-2026-23558] x86: Floating Point Divider State Sampling [XSA-488, CVE-2025-54505]

• xen-4.20.3-2.fc43

oxenstored keeps quota related use counts across domain destruction [XSA-483, CVE-2026-23556] Xenstored DoS via XS_RESET_WATCHES command [XSA-484, CVE-2026-23557] grant table v2 race in status page mapping [XSA-486, CVE-2026-23558] x86: Floating Point Divider State Sampling [XSA-488, CVE-2025-54505]