Fedora Security Advisories

freerdp-3.24.0-1.fc44

3 days 10 hours ago
FEDORA-2026-2c1ab5b23b
Packages in this update:
  • freerdp-3.24.0-1.fc44
Update description:

Update to 3.24.0 (CVE-2026-29774, CVE-2026-29775, CVE-2026-29776, CVE-2026-31806, CVE-2026-31883, CVE-2026-31884, CVE-2026-31885, CVE-2026-31897)

freerdp-3.24.0-1.fc45

3 days 11 hours ago
FEDORA-2026-bf4c5bb9c5
Packages in this update:
  • freerdp-3.24.0-1.fc45
Update description:

Automatic update for freerdp-3.24.0-1.fc45.

Changelog

* Mon Mar 16 2026 Ondrej Holy <oholy@redhat.com> - 2:3.24.0-1
- Update to 3.24.0 (CVE-2026-29774, CVE-2026-29775, CVE-2026-29776, CVE-2026-31806, CVE-2026-31883, CVE-2026-31884, CVE-2026-31885, CVE-2026-31897)
  Resolves: rhbz#2447295, rhbz#2447393, rhbz#2447412, rhbz#2447415
  Resolves: rhbz#2447417, rhbz#2447419, rhbz#2447423, rhbz#2447428
  Resolves: rhbz#2447431

chromium-146.0.7680.71-1.el9

4 days 10 hours ago
FEDORA-EPEL-2026-4346a0ff32
Packages in this update:
  • chromium-146.0.7680.71-1.el9
Update description:

Update to 146.0.7680.71

  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

chromium-146.0.7680.71-1.el10_1

5 days 10 hours ago
FEDORA-EPEL-2026-9209f91f93
Packages in this update:
  • chromium-146.0.7680.71-1.el10_1
Update description:

Update to 146.0.7680.71

  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

chromium-146.0.7680.71-1.fc42

5 days 10 hours ago
FEDORA-2026-e71e71d1fe
Packages in this update:
  • chromium-146.0.7680.71-1.fc42
Update description:

Update to 146.0.7680.71

  • CVE-2026-3913: Heap buffer overflow in WebML
  • CVE-2026-3914: Integer overflow in WebML
  • CVE-2026-3915: Heap buffer overflow in WebML
  • CVE-2026-3916: Out of bounds read in Web Speech
  • CVE-2026-3917: Use after free in Agents
  • CVE-2026-3918: Use after free in WebMCP
  • CVE-2026-3919: Use after free in Extensions
  • CVE-2026-3920: Out of bounds memory access in WebML
  • CVE-2026-3921: Use after free in TextEncoding
  • CVE-2026-3922: Use after free in MediaStream
  • CVE-2026-3923: Use after free in WebMIDI
  • CVE-2026-3924: Use after free in WindowDialog
  • CVE-2026-3925: Incorrect security UI in LookalikeChecks
  • CVE-2026-3926: Out of bounds read in V8
  • CVE-2026-3927: Incorrect security UI in PictureInPicture
  • CVE-2026-3928: Insufficient policy enforcement in Extensions
  • CVE-2026-3929: Side-channel information leakage in ResourceTiming
  • CVE-2026-3930: Unsafe navigation in Navigation
  • CVE-2026-3931: Heap buffer overflow in Skia
  • CVE-2026-3932: Insufficient policy enforcement in PDF
  • CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  • CVE-2026-3935: Incorrect security UI in WebAppInstalls
  • CVE-2026-3936: Use after free in WebView
  • CVE-2026-3937: Incorrect security UI in Downloads
  • CVE-2026-3938: Insufficient policy enforcement in Clipboard
  • CVE-2026-3939: Insufficient policy enforcement in PDF
  • CVE-2026-3940: Insufficient policy enforcement in DevTools
  • CVE-2026-3941: Insufficient policy enforcement in DevTools
  • CVE-2026-3942: Incorrect security UI in PictureInPicture

systemd-258.7-1.fc43

5 days 19 hours ago
FEDORA-2026-0e8eeb6a8a
Packages in this update:
  • systemd-258.7-1.fc43
Update description:
  • A bunch of bugfixes
  • More sanitization for invalid values received from hardware and firmware

systemd-259.5-1.fc44

5 days 19 hours ago
FEDORA-2026-67f57405ee
Packages in this update:
  • systemd-259.5-1.fc44
Update description:

More bugfixes.

  • A bunch of bugfixes
  • More sanitization for invalid values received from hardware and firmware

scitokens-cpp-1.4.1-1.el10_3

5 days 22 hours ago
FEDORA-EPEL-2026-292969a0ee
Packages in this update:
  • scitokens-cpp-1.4.1-1.el10_3
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.el10_1

5 days 22 hours ago
FEDORA-EPEL-2026-5e624b43af
Packages in this update:
  • scitokens-cpp-1.4.1-1.el10_1
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.el8

5 days 22 hours ago
FEDORA-EPEL-2026-179159d77f
Packages in this update:
  • scitokens-cpp-1.4.1-1.el8
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.fc44

5 days 22 hours ago
FEDORA-2026-176625c3fc
Packages in this update:
  • scitokens-cpp-1.4.1-1.fc44
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.fc42

5 days 22 hours ago
FEDORA-2026-a6d1791c49
Packages in this update:
  • scitokens-cpp-1.4.1-1.fc42
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.fc43

5 days 22 hours ago
FEDORA-2026-52c99ecf64
Packages in this update:
  • scitokens-cpp-1.4.1-1.fc43
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

scitokens-cpp-1.4.1-1.el9

5 days 22 hours ago
FEDORA-EPEL-2026-6d1034adaf
Packages in this update:
  • scitokens-cpp-1.4.1-1.el9
Update description:
  • Fix scope path boundary validation to deny sibling-prefix authorization bypasses
  • Reject parent-directory traversal in scope paths, including encoded traversal forms
  • Add regression tests covering sibling-prefix and traversal authorization checks

python-scitokens-1.9.7-1.fc43

5 days 22 hours ago
FEDORA-2026-727b73bfa0
Packages in this update:
  • python-scitokens-1.9.7-1.fc43
Update description:
  • Remove legacy parent SciToken chaining behavior from token initialization and claim handling
  • Harden Enforcer scope path traversal validation (including encoded traversal checks)
  • Clean up documentation references to parent/chained SciTokens
  • Fix SQL injection risk in KeyCache by using parameterized SQLite queries
  • Prevent sibling-path authorization bypass in Enforcer scope checks

python-scitokens-1.9.7-1.el9

5 days 22 hours ago
FEDORA-EPEL-2026-f38b3ac925
Packages in this update:
  • python-scitokens-1.9.7-1.el9
Update description:
  • Remove legacy parent SciToken chaining behavior from token initialization and claim handling
  • Harden Enforcer scope path traversal validation (including encoded traversal checks)
  • Clean up documentation references to parent/chained SciTokens
  • Fix SQL injection risk in KeyCache by using parameterized SQLite queries
  • Prevent sibling-path authorization bypass in Enforcer scope checks