Fedora Security Advisories

FEDORA-2026-e1669a5881 Packages in this update:

• libpng12-1.2.57-25.fc45

Update description:

Automatic update for libpng12-1.2.57-25.fc45.

Changelog * Wed Apr 1 2026 Michal Hlavinka <mhlavink@redhat.com> - 1.2.57-25 - fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438670)

FEDORA-2026-dfa60d30bc Packages in this update:

• libpng15-1.5.30-25.fc45

Update description:

Automatic update for libpng15-1.5.30-25.fc45.

Changelog * Wed Apr 1 2026 Michal Hlavinka <mhlavink@redhat.com> - 1.5.30-25 - fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438683)

FEDORA-2026-7fd284c688 Packages in this update:

• libcgif-0.5.3-1.fc44

Update description:

Version 0.5.3

• Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow CVE-2026-4985

FEDORA-2026-1a9f019f60 Packages in this update:

• libcgif-0.5.3-1.fc43

Update description:

Version 0.5.3

• Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow CVE-2026-4985

FEDORA-2026-7716e480cb Packages in this update:

• libcgif-0.5.3-1.fc42

Update description:

Version 0.5.3

• Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow CVE-2026-4985

FEDORA-2026-8de97987a6 Packages in this update:

• libcap-2.77-3.fc44

Update description:

Version 0.5.3

• Fix potential undefined behavior in cgif_addframe which could have led to an integer overflow

FEDORA-2026-4440b00e25 Packages in this update:

• opensc-0.27.1-1.fc43

Update description:

New upstream release (#2442363) fixing various security issues:

FEDORA-2026-8c5856afbb Packages in this update:

• opensc-0.27.1-1.fc44

Update description:

New upstream release (#2442363) fixing various security issues.

FEDORA-2026-6188cc51be Packages in this update:

• cef-146.0.9^chromium146.0.7680.164-1.fc42

Update description:

Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164

• High CVE-2026-4673: Heap buffer overflow in WebAudio
• High CVE-2026-4674: Out of bounds read in CSS
• High CVE-2026-4675: Heap buffer overflow in WebGL
• High CVE-2026-4676: Use after free in Dawn
• High CVE-2026-4677: Out of bounds read in WebAudio
• High CVE-2026-4678: Use after free in WebGPU
• High CVE-2026-4679: Integer overflow in Fonts
• High CVE-2026-4680: Use after free in FedCM
• CVE-2026-4439: Out of bounds memory access in WebGL
• CVE-2026-4440: Out of bounds read and write in WebGL
• CVE-2026-4441: Use after free in Base
• CVE-2026-4442: Heap buffer overflow in CSS
• CVE-2026-4443: Heap buffer overflow in WebAudio
• CVE-2026-4444: Stack buffer overflow in WebRTC
• CVE-2026-4445: Use after free in WebRTC
• CVE-2026-4446: Use after free in WebRTC
• CVE-2026-4447: Inappropriate implementation in V8
• CVE-2026-4448: Heap buffer overflow in ANGLE
• CVE-2026-4449: Use after free in Blink
• CVE-2026-4450: Out of bounds write in V8
• CVE-2026-4451: Insufficient validation of untrusted input in Navigation
• CVE-2026-4452: Integer overflow in ANGLE
• CVE-2026-4453: Integer overflow in Dawn
• CVE-2026-4454: Use after free in Network
• CVE-2026-4455: Heap buffer overflow in PDFium
• CVE-2026-4456: Use after free in Digital Credentials API
• CVE-2026-4457: Type Confusion in V8
• CVE-2026-4458: Use after free in Extensions
• CVE-2026-4459: Out of bounds read and write in WebAudio
• CVE-2026-4460: Out of bounds read in Skia
• CVE-2026-4461: Inappropriate implementation in V8
• CVE-2026-4462: Out of bounds read in Blink
• CVE-2026-4463: Heap buffer overflow in WebRTC
• CVE-2026-4464: Integer overflow in ANGLE
• CVE-2026-3909: Out of bounds write in Ski
• CVE-2026-3909: Out of bounds write in Skia
• CVE-2026-3910: Inappropriate implementation in V8
• CVE-2026-3913: Heap buffer overflow in WebML
• CVE-2026-3914: Integer overflow in WebML
• CVE-2026-3915: Heap buffer overflow in WebML
• CVE-2026-3916: Out of bounds read in Web Speech
• CVE-2026-3917: Use after free in Agents
• CVE-2026-3909: Out of bounds write in Skia
• CVE-2026-3910: Inappropriate implementation in V8
• CVE-2026-3913: Heap buffer overflow in WebML
• CVE-2026-3914: Integer overflow in WebML
• CVE-2026-3915: Heap buffer overflow in WebML
• CVE-2026-3916: Out of bounds read in Web Speech
• CVE-2026-3917: Use after free in Agents
• CVE-2026-3918: Use after free in WebMCP
• CVE-2026-3919: Use after free in Extensions
• CVE-2026-3920: Out of bounds memory access in WebML
• CVE-2026-3921: Use after free in TextEncoding
• CVE-2026-3922: Use after free in MediaStream
• CVE-2026-3923: Use after free in WebMIDI
• CVE-2026-3924: Use after free in WindowDialog
• CVE-2026-3925: Incorrect security UI in LookalikeChecks
• CVE-2026-3926: Out of bounds read in V8
• CVE-2026-3927: Incorrect security UI in PictureInPicture
• CVE-2026-3928: Insufficient policy enforcement in Extensions
• CVE-2026-3929: Side-channel information leakage in ResourceTiming
• CVE-2026-3930: Unsafe navigation in Navigation
• CVE-2026-3931: Heap buffer overflow in Skia
• CVE-2026-3932: Insufficient policy enforcement in PDF
• CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
• CVE-2026-3935: Incorrect security UI in WebAppInstalls
• CVE-2026-3936: Use after free in WebView
• CVE-2026-3937: Incorrect security UI in Downloads
• CVE-2026-3938: Insufficient policy enforcement in Clipboard
• CVE-2026-3939: Insufficient policy enforcement in PDF
• CVE-2026-3940: Insufficient policy enforcement in DevTools
• CVE-2026-3941: Insufficient policy enforcement in DevTools
• CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-2026-f89e555af4 Packages in this update:

• python-pydicom-3.0.2-1.fc42

Update description:

Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root.

FEDORA-2026-86867aff2e Packages in this update:

• vim-9.2.272-1.fc44

Update description:

Security fix for CVE-2026-34714

FEDORA-2026-4802a7dbd4 Packages in this update:

• python-biopython-1.87-1.fc44

Update description:

• Release 1.87

FEDORA-2026-2953954ff3 Packages in this update:

• python-biopython-1.87-1.fc43

Update description:

• Release 1.87

FEDORA-2026-a67eba175f Packages in this update:

• cef-146.0.9^chromium146.0.7680.164-1.fc43

Update description:

Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164

• High CVE-2026-4673: Heap buffer overflow in WebAudio
• High CVE-2026-4674: Out of bounds read in CSS
• High CVE-2026-4675: Heap buffer overflow in WebGL
• High CVE-2026-4676: Use after free in Dawn
• High CVE-2026-4677: Out of bounds read in WebAudio
• High CVE-2026-4678: Use after free in WebGPU
• High CVE-2026-4679: Integer overflow in Fonts
• High CVE-2026-4680: Use after free in FedCM
• CVE-2026-4439: Out of bounds memory access in WebGL
• CVE-2026-4440: Out of bounds read and write in WebGL
• CVE-2026-4441: Use after free in Base
• CVE-2026-4442: Heap buffer overflow in CSS
• CVE-2026-4443: Heap buffer overflow in WebAudio
• CVE-2026-4444: Stack buffer overflow in WebRTC
• CVE-2026-4445: Use after free in WebRTC
• CVE-2026-4446: Use after free in WebRTC
• CVE-2026-4447: Inappropriate implementation in V8
• CVE-2026-4448: Heap buffer overflow in ANGLE
• CVE-2026-4449: Use after free in Blink
• CVE-2026-4450: Out of bounds write in V8
• CVE-2026-4451: Insufficient validation of untrusted input in Navigation
• CVE-2026-4452: Integer overflow in ANGLE
• CVE-2026-4453: Integer overflow in Dawn
• CVE-2026-4454: Use after free in Network
• CVE-2026-4455: Heap buffer overflow in PDFium
• CVE-2026-4456: Use after free in Digital Credentials API
• CVE-2026-4457: Type Confusion in V8
• CVE-2026-4458: Use after free in Extensions
• CVE-2026-4459: Out of bounds read and write in WebAudio
• CVE-2026-4460: Out of bounds read in Skia
• CVE-2026-4461: Inappropriate implementation in V8
• CVE-2026-4462: Out of bounds read in Blink
• CVE-2026-4463: Heap buffer overflow in WebRTC
• CVE-2026-4464: Integer overflow in ANGLE
• CVE-2026-3909: Out of bounds write in Ski
• CVE-2026-3909: Out of bounds write in Skia
• CVE-2026-3910: Inappropriate implementation in V8
• CVE-2026-3913: Heap buffer overflow in WebML
• CVE-2026-3914: Integer overflow in WebML
• CVE-2026-3915: Heap buffer overflow in WebML
• CVE-2026-3916: Out of bounds read in Web Speech
• CVE-2026-3917: Use after free in Agents
• CVE-2026-3909: Out of bounds write in Skia
• CVE-2026-3910: Inappropriate implementation in V8
• CVE-2026-3913: Heap buffer overflow in WebML
• CVE-2026-3914: Integer overflow in WebML
• CVE-2026-3915: Heap buffer overflow in WebML
• CVE-2026-3916: Out of bounds read in Web Speech
• CVE-2026-3917: Use after free in Agents
• CVE-2026-3918: Use after free in WebMCP
• CVE-2026-3919: Use after free in Extensions
• CVE-2026-3920: Out of bounds memory access in WebML
• CVE-2026-3921: Use after free in TextEncoding
• CVE-2026-3922: Use after free in MediaStream
• CVE-2026-3923: Use after free in WebMIDI
• CVE-2026-3924: Use after free in WindowDialog
• CVE-2026-3925: Incorrect security UI in LookalikeChecks
• CVE-2026-3926: Out of bounds read in V8
• CVE-2026-3927: Incorrect security UI in PictureInPicture
• CVE-2026-3928: Insufficient policy enforcement in Extensions
• CVE-2026-3929: Side-channel information leakage in ResourceTiming
• CVE-2026-3930: Unsafe navigation in Navigation
• CVE-2026-3931: Heap buffer overflow in Skia
• CVE-2026-3932: Insufficient policy enforcement in PDF
• CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
• CVE-2026-3935: Incorrect security UI in WebAppInstalls
• CVE-2026-3936: Use after free in WebView
• CVE-2026-3937: Incorrect security UI in Downloads
• CVE-2026-3938: Insufficient policy enforcement in Clipboard
• CVE-2026-3939: Insufficient policy enforcement in PDF
• CVE-2026-3940: Insufficient policy enforcement in DevTools
• CVE-2026-3941: Insufficient policy enforcement in DevTools
• CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-2026-1d6da76bba Packages in this update:

• cef-146.0.9^chromium146.0.7680.164-1.fc44

Update description:

Update to cef-146.0.9+g3ca6a87 + chromium 146.0.7680.164

• High CVE-2026-4673: Heap buffer overflow in WebAudio
• High CVE-2026-4674: Out of bounds read in CSS
• High CVE-2026-4675: Heap buffer overflow in WebGL
• High CVE-2026-4676: Use after free in Dawn
• High CVE-2026-4677: Out of bounds read in WebAudio
• High CVE-2026-4678: Use after free in WebGPU
• High CVE-2026-4679: Integer overflow in Fonts
• High CVE-2026-4680: Use after free in FedCM
• CVE-2026-4439: Out of bounds memory access in WebGL
• CVE-2026-4440: Out of bounds read and write in WebGL
• CVE-2026-4441: Use after free in Base
• CVE-2026-4442: Heap buffer overflow in CSS
• CVE-2026-4443: Heap buffer overflow in WebAudio
• CVE-2026-4444: Stack buffer overflow in WebRTC
• CVE-2026-4445: Use after free in WebRTC
• CVE-2026-4446: Use after free in WebRTC
• CVE-2026-4447: Inappropriate implementation in V8
• CVE-2026-4448: Heap buffer overflow in ANGLE
• CVE-2026-4449: Use after free in Blink
• CVE-2026-4450: Out of bounds write in V8
• CVE-2026-4451: Insufficient validation of untrusted input in Navigation
• CVE-2026-4452: Integer overflow in ANGLE
• CVE-2026-4453: Integer overflow in Dawn
• CVE-2026-4454: Use after free in Network
• CVE-2026-4455: Heap buffer overflow in PDFium
• CVE-2026-4456: Use after free in Digital Credentials API
• CVE-2026-4457: Type Confusion in V8
• CVE-2026-4458: Use after free in Extensions
• CVE-2026-4459: Out of bounds read and write in WebAudio
• CVE-2026-4460: Out of bounds read in Skia
• CVE-2026-4461: Inappropriate implementation in V8
• CVE-2026-4462: Out of bounds read in Blink
• CVE-2026-4463: Heap buffer overflow in WebRTC
• CVE-2026-4464: Integer overflow in ANGLE
• CVE-2026-3909: Out of bounds write in Ski
• CVE-2026-3909: Out of bounds write in Skia
• CVE-2026-3910: Inappropriate implementation in V8
• CVE-2026-3913: Heap buffer overflow in WebML
• CVE-2026-3914: Integer overflow in WebML
• CVE-2026-3915: Heap buffer overflow in WebML
• CVE-2026-3916: Out of bounds read in Web Speech
• CVE-2026-3917: Use after free in Agents
• CVE-2026-3909: Out of bounds write in Skia
• CVE-2026-3910: Inappropriate implementation in V8
• CVE-2026-3913: Heap buffer overflow in WebML
• CVE-2026-3914: Integer overflow in WebML
• CVE-2026-3915: Heap buffer overflow in WebML
• CVE-2026-3916: Out of bounds read in Web Speech
• CVE-2026-3917: Use after free in Agents
• CVE-2026-3918: Use after free in WebMCP
• CVE-2026-3919: Use after free in Extensions
• CVE-2026-3920: Out of bounds memory access in WebML
• CVE-2026-3921: Use after free in TextEncoding
• CVE-2026-3922: Use after free in MediaStream
• CVE-2026-3923: Use after free in WebMIDI
• CVE-2026-3924: Use after free in WindowDialog
• CVE-2026-3925: Incorrect security UI in LookalikeChecks
• CVE-2026-3926: Out of bounds read in V8
• CVE-2026-3927: Incorrect security UI in PictureInPicture
• CVE-2026-3928: Insufficient policy enforcement in Extensions
• CVE-2026-3929: Side-channel information leakage in ResourceTiming
• CVE-2026-3930: Unsafe navigation in Navigation
• CVE-2026-3931: Heap buffer overflow in Skia
• CVE-2026-3932: Insufficient policy enforcement in PDF
• CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
• CVE-2026-3935: Incorrect security UI in WebAppInstalls
• CVE-2026-3936: Use after free in WebView
• CVE-2026-3937: Incorrect security UI in Downloads
• CVE-2026-3938: Insufficient policy enforcement in Clipboard
• CVE-2026-3939: Insufficient policy enforcement in PDF
• CVE-2026-3940: Insufficient policy enforcement in DevTools
• CVE-2026-3941: Insufficient policy enforcement in DevTools
• CVE-2026-3942: Incorrect security UI in PictureInPicture

FEDORA-2026-58dd426edd Packages in this update:

• perl-5.40.4-520.fc42
• perl-Devel-Cover-1.44-7.fc42
• perl-PAR-Packer-1.064-3.fc42
• polymake-4.15-3.fc42

Update description:

Update for Perl 5.40.4

FEDORA-2026-a9e11de877 Packages in this update:

• libcgif-0.5.2-2.fc44

Update description:

fix potential undefined behavior in cgif_addframe CVE-2026-4985

FEDORA-2026-a526fda5ec Packages in this update:

• libcgif-0.5.2-2.fc43

Update description:

fix potential undefined behavior in cgif_addframe CVE-2026-4985

FEDORA-2026-7c2a9830d7 Packages in this update:

• libcgif-0.5.2-2.fc42

Update description:

fix potential undefined behavior in cgif_addframe CVE-2026-4985

FEDORA-2026-f5c971af6c Packages in this update:

• python-pydicom-3.0.2-1.fc43

Update description:

Patch release for security advisory CVE-2026-32711. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root.