Aggregator

FEDORA-2026-376794abc1 Packages in this update:

• cef-145.0.25^chromium145.0.7632.75-4.fc44

Update description:

Update to cef-145.0.25 + chromium 145.0.7632.75

• CVE-2026-1861: Heap buffer overflow in libvpx
• CVE-2026-1862: Type Confusion in V8
• CVE-2026-2313: Use after free in CSS
• CVE-2026-2314: Heap buffer overflow in Codecs
• CVE-2026-2315: Inappropriate implementation in WebGPU
• CVE-2026-2316: Insufficient policy enforcement in Frames
• CVE-2026-2317: Inappropriate implementation in Animation
• CVE-2026-2318: Inappropriate implementation in PictureInPicture
• CVE-2026-2319: Race in DevTools
• CVE-2026-2320: Inappropriate implementation in File input
• CVE-2026-2321: Use after free in Ozone
• CVE-2026-2322: Inappropriate implementation in File input
• CVE-2026-2323: Inappropriate implementation in Downloads
• CVE-2026-2441: Use after free in CSS

FEDORA-2026-a48b5f36ec Packages in this update:

• cef-145.0.25^chromium145.0.7632.75-4.fc42

Update description:

Update to cef-145.0.25 + chromium 145.0.7632.75

• CVE-2026-1861: Heap buffer overflow in libvpx
• CVE-2026-1862: Type Confusion in V8
• CVE-2026-2313: Use after free in CSS
• CVE-2026-2314: Heap buffer overflow in Codecs
• CVE-2026-2315: Inappropriate implementation in WebGPU
• CVE-2026-2316: Insufficient policy enforcement in Frames
• CVE-2026-2317: Inappropriate implementation in Animation
• CVE-2026-2318: Inappropriate implementation in PictureInPicture
• CVE-2026-2319: Race in DevTools
• CVE-2026-2320: Inappropriate implementation in File input
• CVE-2026-2321: Use after free in Ozone
• CVE-2026-2322: Inappropriate implementation in File input
• CVE-2026-2323: Inappropriate implementation in Downloads
• CVE-2026-2441: Use after free in CSS

FEDORA-2026-0bced5158d Packages in this update:

• cef-145.0.25^chromium145.0.7632.75-4.fc43

Update description:

Update to cef-145.0.25 + chromium 145.0.7632.75

• CVE-2026-1861: Heap buffer overflow in libvpx
• CVE-2026-1862: Type Confusion in V8
• CVE-2026-2313: Use after free in CSS
• CVE-2026-2314: Heap buffer overflow in Codecs
• CVE-2026-2315: Inappropriate implementation in WebGPU
• CVE-2026-2316: Insufficient policy enforcement in Frames
• CVE-2026-2317: Inappropriate implementation in Animation
• CVE-2026-2318: Inappropriate implementation in PictureInPicture
• CVE-2026-2319: Race in DevTools
• CVE-2026-2320: Inappropriate implementation in File input
• CVE-2026-2321: Use after free in Ozone
• CVE-2026-2322: Inappropriate implementation in File input
• CVE-2026-2323: Inappropriate implementation in Downloads
• CVE-2026-2441: Use after free in CSS

Version:next-20260220 (linux-next) Released:2026-02-20

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - io_uring subsystem; (CVE-2025-38561, CVE-2025-39698, CVE-2025-40019)

FEDORA-EPEL-2026-e4c468db6d Packages in this update:

• python-django4.2-4.2.28-1.el9

Update description:

• Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
• Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
• Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
• Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
• Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
• Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation

FEDORA-2026-ca3d81129a Packages in this update:

• python-django4.2-4.2.28-1.fc42

Update description:

• Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
• Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
• Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
• Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
• Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
• Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Padata parallel execution mechanism; - Netfilter; (CVE-2022-49698, CVE-2025-21726, CVE-2025-40019)

FEDORA-2026-3adb735295 Packages in this update:

• python-django5-5.2.11-1.fc43

Update description:

• Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
• Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
• Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
• Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
• Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
• Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
• Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL
• Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting

FEDORA-2026-00b5bf3150 Packages in this update:

• python-django5-5.2.11-1.fc42

Update description:

• Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
• Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
• Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
• Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
• Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
• Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
• Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL
• Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting

Version:6.19.3 (stable) Released:2026-02-19 Source:linux-6.19.3.tar.xz PGP Signature:linux-6.19.3.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.19.3

Version:6.18.13 (stable) Released:2026-02-19 Source:linux-6.18.13.tar.xz PGP Signature:linux-6.18.13.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.13

Version:6.12.74 (longterm) Released:2026-02-19 Source:linux-6.12.74.tar.xz PGP Signature:linux-6.12.74.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.74

Version:6.6.127 (longterm) Released:2026-02-19 Source:linux-6.6.127.tar.xz PGP Signature:linux-6.6.127.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.127

Version:6.1.164 (longterm) Released:2026-02-19 Source:linux-6.1.164.tar.xz PGP Signature:linux-6.1.164.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.164

Version:5.15.201 (longterm) Released:2026-02-19 Source:linux-5.15.201.tar.xz PGP Signature:linux-5.15.201.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.201

Version:5.10.251 (longterm) Released:2026-02-19 Source:linux-5.10.251.tar.xz PGP Signature:linux-5.10.251.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.10.251

FEDORA-2026-d12293cd34 Packages in this update:

• php-zumba-json-serializer-3.2.3-1.fc44

Update description:

Version 3.2.3

[Security] Added method to restrict which classes can be unserialized. Security Advisory GHSA-v7m3-fpcr-h7m2